Hackers offer to sell stolen Santander customer and staff details


Hackers are offering to sell the stolen personal details of millions of Santander customers and staff, two weeks after the Spanish bank warned many accounts had been compromised.

In an advert on a hacking forum, a group called ShinyHunters has offered data including bank account details of 30mn customers, numbers for 28mn credit cards, balances for 6mn accounts and personal information on staff.

A person with knowledge of the compromised data said the hackers’ claim of 30mn accounts was too high.

The details in the advert suggest that this is one of the largest cyber attacks on a bank, though Santander declined to verify the hackers’ statement. 

The advert, seen by the Financial Times, offers to sell the data for $2mn and adds: “Santander is also very welcome if they want to buy this data.”

Two weeks ago, Santander admitted that a database hosted by a third-party provider had been compromised. The bank said that information about customers in Spain, Chile and Uruguay had been accessed, as well as for all current and some former staff.

“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” the bank said at the time.

It added that it had notified regulators and was working with police in their investigation of the hack.

Santander has about 20mn customers in the three markets where accounts were compromised and employs 200,000 people around the world.

ShinyHunters has also claimed responsibility for hacking 560mn customer accounts at Ticketmaster, as well as selling data stolen from US telecoms group AT&T.

Western banks have suffered a surge in cyber attacks in the past two years, which has been partly blamed on Russian hackers acting in response to sanctions placed on the country and its banks following its full-scale invasion of Ukraine.

The use of artificial intelligence by cyber criminals has also increased the number and sophistication of attacks.

Last year, the number of ransomware attacks in the finance industry rose by 64 per cent, and was nearly double 2021 levels, according to cyber security company Sophos. 

JPMorgan was the victim of one of the biggest cyber attacks on a bank a decade ago when data on 83mn accounts — including 76mn households and 7mn businesses — were compromised.

“Financial services businesses will often hold huge amounts of data they collect as part of their client onboarding process such as debit and credit card numbers, passports, address information, and other ID documents,” said Ben Marsh, an underwriter at insurer Chaucer Group. “This data is highly valuable and is regularly traded on the dark web.

“Financial services firms are also thought to be more susceptible to the blackmail element of ransomware attacks. If a financial services firm loses its reputation for data security, then it could rapidly lose clients and could impact shareholder trust.”

Additional reporting by Hannah Murphy