A hacker group is attempting to auction off confidential data allegedly obtained from Santander, according to an advertisement on a hacking forum seen Friday by the Financial Times.
The collective ShinyHunters has listed the stolen Santander data on a hacker forum with an asking price of $2 million (£1.6 million). The hack purportedly includes the bank account details of some 30 million customers, the balances of 6 million accounts, 28 million credit card numbers, and human resources details about the bank’s employees.
“Santander is also very welcome if they want to buy this data,” said the ad, first spotted by a researcher at Dark Web Informer, The Guardian reported.
Santander has declined to confirm the hackers’ claim that it was one of the largest cyberattacks on a bank, the Financial Times reported.
The data hack advertisement comes two weeks after the Spanish bank informed customers a third-party provider’s database had been compromised. Information related to customers in Chile, Spain and Uruguay had been accessed, as was information on current staff and some former employees, Santander confirmed May 14.
“Customer data in all other Santander markets and businesses are not affected,” Santander said at the time, according to a statement seen by The Guardian.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” the bank said last month, adding that it had notified regulators and was working with police in their investigation of the cyberattack.
ShinyHunters, formed in 2020, claimed responsibility for a Ticketmaster breach last week that reportedly affected 560 million customer accounts.
The hacker group has listed the purported data cache, which it claims is 1.3 terabytes in size, for sale on the dark web with an asking price of $500,000, The New York Times reported.
ShinyHunters has also reportedly hacked information related to Microsoft and AT&T. In a press release in March, the telecom company confirmed the breach impacted roughly 70 million people, including its past and current customers, according to The New York Times.
The hackers' claims could also be a publicity stunt, some experts told the BBC.
Cybersecurity researchers at Hudson Rock assert that the purported Santander data breach and the Ticketmaster incident are connected to an ongoing hack targeting the cloud storage company Snowflake. Hudson Rock has communicated with the perpetrators behind the alleged Snowflake hack, who claim to have gained unauthorized access to Snowflake’s internal systems by compromising the login credentials of an employee, according to the BBC.
Snowflake, for its part, said it was aware of potential unauthorized access to some customer accounts and that it seemed the hackers used the login credentials to access a demonstration account of a former firm employee. The company asserted the account “did not contain sensitive data.”
“We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration or breach of Snowflake’s product,” Snowflake said, according to the BBC.
The financial services industry in the U.S. has seen an uptick in data breaches — 744 in 2023, compared with 138 in 2020, according to Statista.
“Financial services businesses will often hold huge amounts of data they collect as part of their client onboarding process such as debit and credit card numbers, passports, address information, and other ID documents,” Ben Marsh, an underwriter at insurer Chaucer Group, told the Financial Times. “This data is highly valuable and is regularly traded on the dark web.”