Bank account details of Santander's American employees have been compromised following a hack in a third-party database.
Santander Bank has recently disclosed a data breach involving the sensitive information of its U.S. employees, including direct deposit bank account details and social security numbers. The breach is linked to the international cyber threat group, ShinyHunters, known for targeting high-profile victims.
According to filings with the Attorney General's offices of Maine and Vermont, the data breach occurred as a result of a third-party database hack. The unauthorized access to employee data took place between late April and early May.
The breach was discovered on May 10, as per a letter from the bank. Santander Bank plans to notify customers, employees, and regulators about the data breach. It is important to note that the third-party database did not contain any transactional data or account credentials.
The threat group ShinyHunters, in a McAfee advisory, claimed access to data belonging to 30 million Santander customers. However, Santander's previous statement on May 14 warned that customers of Santander Chile, Uruguay, and Spain were also impacted by a third-party database hack, but no detailed public report links that incident specifically with U.S. employee data or attributes it to a particular attacker beyond the known activity of ShinyHunters.
Aviral Verma, lead threat intelligence analyst at Securin, stated that the original poster of the ShinyHunters claim is now "retired" and it is not possible to confirm their involvement in the Santander breach at this moment.
The impacted figure, as reported by the Maine AG's office, stands at 12,786 people. However, it is not clear whether this figure involves just U.S. employees or others.
Santander Bank has taken immediate action to protect its systems, blocking access to the affected systems and continuing to take further action. The bank will be notifying the affected individuals and providing them with support to help protect their personal information.
[1] Source: TechCrunch [2] Source: BleepingComputer
Threat intelligence analyst Aviral Verma from Securin noted that the original poster of the ShinyHunters claim, who is now inactive, cannot be definitively linked to the Santander Bank breach at this time. In light of this data breach, it is crucial for businesses to prioritize cybersecurity measures, especially with technology advancing and finance becoming increasingly digital.
