Hackers are attempting to sell confidential information including the bank and credit card numbers of millions of Santander customers to the highest bidder.
ShinyHunters posted an advert on a hacker forum for the data, which it says also includes staff HR details, with an asking price of $2m (£1.6m). It is the same organisation that claims to have hacked Ticketmaster.
In the post outlining the data it claims to hold the hacker collective taunts the bank, stating: “Santander is also very welcome if they want to buy this data.”
Santander, which employs 200,000 people including about 20,000 in the UK, confirmed that it had been hacked a fortnight ago.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” it said in a statement issued on 14 May.
“Customer data in all other Santander markets and businesses are not affected.”
At that time Santander apologised for “the concern this will understandably cause” and said it was “proactively contacting affected customers and employees directly.”
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” it said, adding that its banking systems were unaffected so customers could continue to “transact securely.”
In a post on a hacking forum – first spotted by researchers at Dark Web Informer – ShinyHunters claimed it had the data of 30 million customers. It also claimed to have 6m account numbers and balances, and 28m credit card numbers.
Santander has not commented on the accuracy of the group’s claims.
It is claimed that ShinyHunters has managed to acquire the personal details of more than 500 million Ticketmaster customers, although the company has not yet publicly confirmed the breach.
According to reports, authorities in Australia and the US are engaging with Ticketmaster to understand and respond to the incident, with the hackers said to have gained access to the names, address, phone numbers and partial payments details of 560 million Ticketmaster customers.
ShinyHunters is said to be demanding a ransom payment of about £400,000 from Ticketmaster to prevent the data being sold on the dark web.