Santander responds to third-party data breach

Santander sign on a building.
Image courtesy of

Santander has reported a data breach at a third-party provider in which customer and employee information was accessed.

Following an investigation, the bank has found that customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group, had been exposed.

“We recently became aware of unauthorised access to a Santander database hosted by a third-party provider. We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers,” read a statement by the bank.

Apart from the aforementioned regions, customer data in all other markets and business have not been affected.

The bank has also stated that no transactional data or any credentials that would allow transactions to take place on accounts were contained in the affected database – this includes online banking details and passwords.

The statement continued: “The bank’s operations and systems are not affected, so customers can continue to transact securely. We apologise for the concern this will understandably cause and are proactively contacting affected customers and employees directly. We have also notified regulators and law enforcement and will continue to work closely with them.”

Although in this case the breach wasn’t too serious, data protection authorities across various markets have upped demands on banks to keep data safe. UniCredit, the second largest bank in Italy, has witnessed this first-hand.

The bank has been in a legal battle ever since it fell victim to a cyberattack that resulted in sensitive information including names, tax codes and other identification details of approximately 750,000 customers were leaked in 2018.

In relation to the severity of the breach, Italy’s data protection authority imposed a fine of €2.8m on UniCredit, which the bank has appealed.