Santander Bank recently alerted thousands of U.S. employees about a data breach that may have compromised their direct deposit bank account information and Social Security numbers. The breach occurred through a third-party database hack, which took place on April 17 and was discovered on May 10, 2024. The unauthorized access affected employee data used for direct deposits between late April and early May, leading the bank to block access to the affected systems and implement additional protective measures.
The breach impacted 12,786 individuals, though it is unclear whether this number includes only U.S. employees or others as well. Previously, Santander had issued a statement on May 14, 2024, warning that customers in Chile, Uruguay, and Spain were also affected by a separate third-party database hack, which involved all current and some former employees worldwide.
The compromised third-party database did not contain any transactional data or credentials that could be used to access account information. Santander has assured that it would notify all affected customers, employees, and regulators about the breach and is taking further actions to safeguard its systems.
There is ongoing debate among researchers about who is responsible for the breach. The threat group ShinyHunters, associated with BreachForums, claimed in late May to have gained access to data belonging to 30 million Santander customers, according to an advisory from McAfee.
Reference:
