All Santander staff and millions of customers have data hacked

Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers.

They belong to the same gang which this week claimed to have hacked Ticketmaster.

The bank – which employs 200,000 people worldwide, including around 20,000 in the UK – has confirmed data has been stolen.

Santander has apologised for what it says is “the concern this will understandably cause” adding it is “proactively contacting affected customers and employees directly.”

“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” it said in a statement posted earlier this month.

“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.”

It said its banking systems were unaffected so customers could continue to “transact securely.”

In a post on a hacking forum – first spotted by researchers at Dark Web Informer- the group calling themselves ShinyHunters posted an advert saying they had data including

• 30 million people’s bank account details
• 6 million account numbers and balances
• 28 million credit card numbers
• HR information for staff

Santander has not commented on the accuracy of those claims.

ShinyHunters have previously sold data confirmed to have been stolen from US telecoms firm AT&T.

The gang is also selling what it says is a huge amount of private data from Ticketmaster.

The Australian government says it is working with Ticketmaster to address the issue. The FBI has also offered to assist.

Some experts have said ShinyHunters’ claims should be treated with caution, as they may be a publicity stunt.

However, researchers at cyber-security company Hudson Rock claim that the Santander breach and the apparent Ticketmaster one are linked to a major ongoing hack of a large cloud storage company called Snowflake.

Hudson Rock says it has spoken to the perpetrators of the alleged Snowflake hack – who claim that they gained access to its internal system by stealing the login details of a member of Snowflake staff.

Snowflake has not confirmed this but notified customers on Friday that it was “investigating an increase in cyber threat activity targeting some of our customers’ accounts.”

If Snowflake is proven to be the source of these ongoing hacks there could be many more victims.