Third-party database hack exposes banking details of Santander's US employees, the bank warns.
Santander Bank has confirmed that a third-party database, hosting employee information used for direct deposits between late April and early May, was hacked by a cybercriminal group known as ShinyHunters. The data breach affected thousands of U.S. employees, and the group claimed to have accessed and is selling a large trove of Santander Bank data, including information on 30 million customers and employees.
The Maine Attorney General's office reported that a total of 12,786 people were impacted by the data breach, which occurred on April 17 and was discovered on May 10. The unauthorized access to the affected systems was blocked immediately after discovery.
ShinyHunters, an international cybercrime group that first emerged in 2020, has targeted several high-profile organizations, including Santander Bank in a previous incident in May 2024 involving 30 million customers from Spain, Chile, and Uruguay. Their modus operandi typically involves compromising third-party systems to obtain and sell sensitive data.
However, Aviral Verma, lead threat intelligence analyst at Securin, expressed doubt about ShinyHunters' involvement in the Santander breach. Meanwhile, McAfee has issued an advisory stating that ShinyHunters claimed to have gained access to data belonging to 30 million Santander customers.
It is not clear whether the figure of 12,786 people only involves U.S. employees or others. It is worth noting that the third-party database did not contain any transactional data or account credentials.
Santander Bank will notify customers, employees, and regulators about the data breach, and has already warned thousands of U.S. employees about the potential data breach. The bank emphasizes that it is taking all necessary steps to protect its customers and employees and is working closely with law enforcement agencies to investigate the matter.
Given the situation, the finance sector and Santander Bank, in particular, should heighten their cybersecurity measures to prevent further threats, considering the advanced technology used by cybercriminals like ShinyHunters. It's crucial for businesses to invest in threat intelligence that can help identify and respond to cyber threats, thus safeguarding customer and employee information.
![Remote Access Application: Swift PC Control [Compatible with PC, iOS, and Android]](/en/content/images/size/w1280/format/webp/20250730040842_pc-remote-control-app.jpeg)
