The ShinyHunters computer hacker group claims to have compromised the personal details, including payments information, of millions of Santander and Ticketmaster customers.
Santander confirmed that a breach had occurred in a statement published earlier in May, with the hackers later advertising the data for sale on a dark web forum, although Santander has not confirmed the accuracy of the claims.
According to the BBC, ShinyHunters claims to have accessed the 30 million customers’ bank account details, six million account numbers and balances, 28 million credit card numbers and HR information for the bank’s staff, of which there are more than 200,000 worldwide spread across Europe, Asia, Africa and the Americas.
“We recently became aware of an unauthorised access to a Santander database hosted by a third-party provider,” Santander’s May statement read.
“We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank’s operations and systems are not affected, so customers can continue to transact securely.”
The sale of the Santander data was advertised shortly after ShinyHunters claimed to have hacked the Ticketmaster platform. Again, the group claims to have accessed the names, addresses, phone numbers and partial credit card details of 560 million customers.
The BBC states that LiveNation, the parent company of Ticketmaster – one of the world’s largest ticketing platforms – confirmed that there had been unauthorised access to data, but asserts that the incident has not had a significant impact.
A LiveNation statement read: “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”
The BBC reports that ShinyHunters is demanding a payment of $500,000 (£400,000), or it will sell the Ticketmaster customer data to third parties. The Australian government is working on the case, and the BBC adds that the FBI has offered to assist.
