UK

Santander staff and customer data stolen in major cyber attack

A hacking group was reportedly behind a similar data breach of Ticketmaster which emerged earlier this week.

Santander is the latest victim of a cyber attack
Santander is the latest victim of a cyber attack (John Stillwell/PA)

Santander is the latest victim of a cyber attack – with hackers accessing data relating to all its staff and millions of overseas customers, the bank confirmed.

A hacking group was reportedly behind a similar data breach of Ticketmaster, which emerged earlier this week.

Certain information relating to all current and some former Santander staff – as well as customers in Spain, Chile and Uruguay – was accessed in the breach, the lender said.

“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” it said.

Santander employs about 200,000 people worldwide, including around 20,000 in the UK.

Join the Irish News Whatsapp channel

No customer data in the UK, or any other of its markets, were affected.

“We apologise for the concern this will understandably cause and are proactively contacting affected customers and employees directly,” the bank said in a statement shared earlier this month.

It also stressed that its banking systems were not affected and customers could continue to “transact securely”.

According to reports, the ShinyHunters hacking group claimed responsibility for the cyber attack and said it had stolen the personal details of millions of people.

Dark Web Informer, researchers who expose threat alerts and breaches, said ShinyHunters was allegedly selling access to Santander’s database for two million US dollars (£1.6 million) to a “one time” buyer.

The hackers said Santander was “also very welcome” to buy the data themselves.

Santander has not commented on the accuracy of these claims.

On Thursday, it emerged that Ticketmaster was the subject of a cyber attack, with ShinyHunters allegedly demanding around £400,000 in a ransom payment to prevent the data being sold on the dark web.

Ticketmaster did not publicly confirm the breach.