ShinyHunters sells data of 30 million Santander customers: What you need to know!

Threat Actor: ShinyHunters | ShinyHunters
Victim: Santander Bank | Santander
Price: $2M
Exfiltrated Data Type: Customer data, account numbers and balances, credit card numbers, HR employee lists, consumer citizenship information

Additional Information:

  • ShinyHunters is a notorious threat actor.
  • The data was allegedly stolen from the Santander Bank.
  • The breach affected 30 million customers, employees, and bank account data.
  • The breach was caused by unauthorized access to a database hosted by a third-party provider.
  • The compromised database did not store transactional data, online banking details, passwords, or other data that would allow transactions.
  • The exact number of individuals impacted is unclear.
  • ShinyHunters is the current administrator of BreachForums.
  • The price for the data is $2M for a one-time sale.
  • The data includes customer data, account numbers and balances, credit card numbers, HR employee lists, and consumer citizenship information.
  • Santander Bank is invited to buy the data.

A notorious threat actor ShinyHunters is offering a huge trove of data allegedly stolen from the Santander Bank for sale. ShinyHunters claims to have stolen information for 30 million customers, employees, and bank account data.

In mid-May, the Spanish financial institution Santander disclosed a data breach involving a third-party provider that affected customers in Chile, Spain, and Uruguay. The bank became aware of unauthorized access to one of its databases hosted by a third-party provider.

The company announced that it immediately implemented measures to contain the incident. The company blocked the compromised access to the database and established additional fraud prevention controls to protect affected customers.

“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.” reads the statement published by the bank. “Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.”

The compromised database contained information on all current and some former employees. 

The bank pointed out that the database did not store transactional data, online banking details, passwords, or other data that would allow someone to conduct transactions. 

“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank’s operations and systems are not affected, so customers can continue to transact securely.” continues the statement.

The financial institution hasn’t provided technical details of the incident or what kind of data was exposed. It’s unclear how many individuals are impacted.

ShinyHunters is the current administrator of BreachForums, the cybercrime forum that recently resurrected two weeks after a law enforcement operation that seized its infrastructure.

ShinyHunters claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000. Stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.

On May 30, 2024, ShinyHunters published an announcement titled: “Santander Bank Data – Spain, Chile, Uruguay – Customers, CC, Bank, more” that claims country affected are Spain, Chile, and Uruguay.

Data contains

  • 30 million customers data
  • 6 million account numbers and balances
  • 28 million credit card numbers
  • HR employee lists
  • Consumer citizenship information

The price for the data is $2M for a one-time sale.

The seller also invites Santander to buy this data.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)



Original Source: https://securityaffairs.com/163956/data-breach/shinyhunters-claims-santander-breach.html