A group of hackers is attempting to sell sensitive personal information, such as bank account and credit card numbers, belonging to millions of Santander customers to the highest bidder.
Known as Shiny Hunters, the same group that claims responsibility for hacking Ticketmaster, has posted an advertisement on a hacker forum seeking $2m (£1.6m) for the data, which they assert includes details of Santander staff.
In a post detailing the data they allege to possess, the hackers have openly challenged banks, stating: “If Santander wishes to acquire this data, they are welcome to do so.”
Santander, which has a workforce of 200,000, including approximately 20,000 in the UK, has confirmed that it was breached two weeks ago.
“Following our investigations, we have determined that certain information was accessed pertaining to Santander Chile, Spain, and Uruguay customers, as well as all current Santander employees and some former group employees,” the company stated in a statement issued on May 14th.
“Customer information in all other Santander markets and businesses remains unaffected.”
Santander expressed regret for the concern caused and assured that affected customers and employees would be contacted directly. They emphasized that the compromised database does not contain any transaction or authentication information for online banking, ensuring that banking operations remain secure.
In a post on a hacking forum noticed by Dark Web Informer researchers, ShinyHunters disclosed the scope of data they claim to have acquired, including 30 million bank account details, 6 million account numbers and balances, and 28 million credit card numbers.
Santander has not yet commented on the veracity of the group’s claims.
After newsletter promotion
The Shiny Hunters allegedly obtained personal information of over 500,000 Ticketmaster customers, although the company has yet to acknowledge the breach publicly.
Reports indicate that Australian and US authorities are collaborating with Ticketmaster to address the incident, in which hackers accessed the personal details of 560 million Ticketmaster customers, including names, addresses, phone numbers, and some payment information.
ShinyHunters are reportedly demanding around £400,000 from Ticketmaster as a ransom payment to prevent the data from being sold on the dark web.
Source: www.theguardian.com
