Cyberattackers advertise 30 million Santander accounts for sale
A cyberattack gang claiming responsibility for hacking banking group Santander has reportedly asked for $2m from a buyer, which could include the bank itself, on the dark web. The escalation in the evolving Santander cyber breach comes as insurer Chaucer revealed more than 20 million financial services customers in the UK had their data stolen in cyberattacks last year, a jump of 143%.
ShinyHunters, which also claimed responsibility for last week’s cyberattack against event company Ticketmaster, has reportedly advertised for sale 30 million Santander personal bank account details, six million account numbers, 28 million credit card numbers and HR information on staff. Some experts have linked the attacks on both companies to a breach of cloud company Snowflake, although the company has not confirmed the details other than to say it is investigating and that any breaches are the result of poor security on customers’ accounts.
ShinyHunters claimed to have stolen personal details for up to 560 million customer accounts held by Ticketmaster, part of the wider Live Nation group, and is reported to have issued a $500,000 ransom demand. The group is alleged to have also scraped partial payment data, including the last four digits of credit card numbers and expiration dates.
Ticketmaster has not confirmed the number of affected accounts, but a breach across its customer base would make it one of the largest on record. It said it is investigating the breach, with its booking systems unaffected, and is working with customers to mitigate risk.
Santander confirmed its breach last week, during which data for all staff, and some former staff, as well as customers in Spain, Chile and Uruguay was exposed. Santander assured customers that online banking details and passwords were safe and not accessed during the breach; it also confirmed UK customers are not affected.
But Chaucer warns that UK financial services customers face a high risk of their data being stolen. Pension funds are increasingly at risk from cybercriminals, the insurer said, with 38% of cybersecurity breaches at UK financial firms last year targeting the pension sector.
Ben Marsh, class underwriter at Chaucer, said: “The main effort of cyberattacks on a pension fund or a bank is rarely the theft of assets held by the bank. More often, it is an attempt to steal personal data that can then be resold or held for extortion as part of a ransomware attack.
“Financial services businesses will often hold huge amounts of data they collect as part of their client onboarding process such as debit and credit card numbers, passports, address information, and other ID documents. This data is highly valuable and is regularly traded on the dark web.”
Marsh added that financial services firms are also thought to be more susceptible to blackmail, in order to save their reputation for data security.