Threat Actor: Unknown | Unknown
Victim: Santander | Santander
Price: Not specified
Exfiltrated Data Type: Customer information, employee information
Additional Information :
- The data breach affected customers in Chile, Spain, and Uruguay.
- The unauthorized access occurred in a database hosted by a third-party provider.
- Santander immediately implemented measures to contain the incident and protect affected customers.
- The compromised database contained information on all current and some former employees.
- The database did not store transactional data, online banking details, passwords, or other data that would allow transactions to take place.
- The financial institution has not provided technical details or the exact number of individuals impacted.
The Spanish financial institution Santander revealed a data breach involving a third-party provider that affected customers in Chile, Spain, and Uruguay.
The bank recently became aware of unauthorized access to one of its databases hosted by a third-party provider.
The company announced that it immediately implemented measures to contain the incident. The company blocked the compromised access to the database and established additional fraud prevention controls to protect affected customers.
“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.” reads the statement published by the bank. “Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.”
The compromised database contained information on all current and some former employees.
The bank pointed out that the database did not store transactional data, online banking details, passwords, or other data that would allow someone to conduct transactions.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank’s operations and systems are not affected, so customers can continue to transact securely.” continues the statement.
The financial institution hasn’t provided technical details of the incident or what kind of data was exposed. It’s unclear how many individuals are impacted.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Original Source: https://securityaffairs.com/163231/data-breach/santander-third-party-data-breach.html