Santander confirms data breach affecting customers across the world

One of the world’s biggest bank suffers a third-party data breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Some customers of Santander may have had theirdata stolenfollowing a supply-chain attack targeting one of the bank’s third-party providers.

The company confirmed the news in a breach notification letter to customers, noting “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider."

“We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers.”

Baphomet arrested

Subsequent investigation into the incident uncovered that the victims are customers of Santander Chile, Spain, and Uruguay. Unfortunately, localized Twitter accounts (Spain and Chile) have no warnings or no information about the breaches. The Chile website, however, does display a warning.

Some of the stolen data belongs to some current and former employees. “Customer data in all other Santander markets and businesses are not affected,” the company confirmed.

Santander has a presence in many countries around the world, the UK, the US, and Mexico, included, with more than 140 million customers overall.

The company did not explain who the threat actors were, what they were trying to achieve, or what type of data they stole. It did say that transactional data, user credentials, and any other information that would allow financial transactions, were not found in the compromised database, and are thus secure.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The bank’s operations and systems are not affected, so customers can continue to transact securely,” it concluded.

The breach notification letter concludes with a mandatory apology for inconvenience caused, and a confirmation that affected individuals would be notified in due time. “We have also notified regulators and law enforcement and will continue to work closely with them,” Santander said.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats