The recent data breach at Santander Bank affected not just millions of customers, but also all of its staff, new reports have claimed.
The banking giant recently issued a breach notification letter saying following a supply chain attack, an unauthorized third party had accessed a database with sensitive customer information. It was later discovered that the attackers stole data from Santander’s banks in Chile, Spain, and Uruguay, while the rest of the world was not affected.
Now, researchers from Dark Web Informer found the infamous ShinyHunters hacking collective selling the database on the dark web, BleepingComputer reports.
Grabbing the spotlight
As per the hackers’ sales ad, the database contains personal information of 30 million customers and employees, as well as 28 million credit card numbers, as well as 6 million account numbers and balances. The asking price is $2 million.
As usual, the sales ad came with a small sample of the data to prove the claim’s legitimacy, but so far no threat researcher could confirm, or deny, the database belonging to Santander.
BleepingComputer pointed out that as per Santander’s Q1 2024 financial report, the company has fewer than 20 million customers across Chile, Spain, and Uruguay, while ShinyHunters are claiming 30 million.