Dive Brief:
- Santander warned thousands of U.S. employees that their Social Security numbers and bank account information for payroll-related direct deposits may have been obtained in a third-party database hack, according to filings with the Attorney’s General of Maine and Vermont.
- An unauthorized party gained access to the employee data used for direct deposits between late April and early May. Santander said it immediately blocked access to the affected systems and continues to take further action to protect its systems.
- The breach took place April 17 and was discovered May 10, according to the letter. A total of 12,786 people were impacted, according to the Maine AG’s office. However, it is not clear whether this figure involves just U.S. employees or others.
Dive Insight:
The bank issued a statement May 14, warning that information from customers of Santander Chile, Uruguay and Spain were accessed in a third-party database hack. That hack also affected all current employees worldwide and some former workers.
The third-party database did not contain any transactional data, nor any credentials that could be used to access account information, according to a statement from the bank’s Madrid office. Santander said it would notify customers, employees and regulators.
Researchers are split on who is responsible for the breach. The threat group ShinyHunters, which served as an administrator for BreachForums, in late May claimed it had gained access to data belonging to 30 million Santander customers, according to a McAfee advisory.
Aviral Verma, lead threat intelligence analyst at Securin, however, said the original poster is now "retired" and said "it's not possible to confirm ShinyHunters' involvement in the Santander breach at this moment."