The fall-out from the so-called Snowflake attack has claimed yet another scalp with hackers reportedly attempting to sell what they say is confidential information belonging to millions of Santander staff and customers.
The bank, which employs 200,000 people worldwide, including around 20,000 in the UK, has confirmed data has been stolen and has apologised for what it says is “the concern this will understandably cause”.
The bank insists it is “proactively contacting affected customers and employees directly” but claims that UK customer data was not affected or lost in the hack.
In a statement, the company said: “Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.” It said its banking systems were unaffected so customers could continue to “transact securely”.
However, hacking collective Shiny Hunters has posted an ad saying they have data including 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers and HR information for staff.
Santander has not commented on the accuracy of those claims.
Shiny Hunters are also selling up to 560 million Ticketmaster customer records, as well as data from Australian event ticketing company Ticketeck.
Some cyber security specialists have said Shiny Hunters’ claims should be treated with a pinch of salt, as they may be a publicity stunt, however, Ticketmaster has now confirmed “unauthorised activity” on its database.
The hacking group is reportedly demanding a $500,000 (£400,000) ransom payment to prevent the ticketing giant’s customer data from being sold to other parties.
In a filing to the US Securities & Exchange Commission, Ticketmaster parent company Live Nation said that “a criminal threat actor offered what it alleged to be company user data for sale via the dark web”, and that it was investigating.
The number of customers affected by the data breach has not been confirmed.
Related stories
Shiny unhappy people: Now Ticketmaster attack widens
Firms on red alert over Ticketmaster mass data breach
Ticketmaster settles breach payout but denies liability
Ransomware victims who pay up are nearly all hit again
Gamers attacked as Fortnite firm suffers data breach
UK firms braced for fresh wave of ransomware attacks
UK firms still in dark over new cyber security measures
Major brands warned over extortion after global attack
