Banco Santander, one of the world’s largest banks with over 140 million customers across Europe and the Americas, announced a major data breach. The Banco Santander Data Breach has impacted clients and staff in Spain, Chile, and Uruguay.
Santander Data Breach Details: What Happened?
Santander revealed an unauthorized actor had accessed a database hosted by one of its third-party service providers. With a footprint spanning Spain, the United Kingdom, Brazil, Mexico, and the United States, the bank relies on technology partnerships to support its diverse financial offerings globally.
By gaining access to the unprotected database, the threat actor was reportedly able to acquire Santander customer information managed within that system.
The bank now faces challenges in addressing the leak, mitigating harm, and reviewing security controls not only internally but also with all vendors involved in managing sensitive user data on its behalf.
“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,”
Reads the statement on Santander Bank Data Breach.
Santander Bank Data Breach: Aftermath
Upon discovering the database breach, Banco Santander said it took immediate action to contain the incident. This included blocking the unauthorized access to the compromised third-party database containing customer information.
The bank also implemented additional fraud prevention controls aimed at protecting customers whose data was exposed in the countries impacted. Santander noted it deployed extra screening and monitoring capabilities to better safeguard accounts and transactions of affected individuals of the Santander bank cyberattack.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain, and Uruguay, as well as all current and some former Santander employees of the group, had been accessed”.
Banco Santander
While Banco Santander did not specify what types of customer information was involved, it noted transaction records and online banking login credentials were not exposed. The breach impacted only certain markets where the bank operates.
Santander affirmed its systems and operations in Spain, Chile and Uruguay – the countries affected – remain fully functioning. It asserted customers may continue accessing all services as normal without concerns.
In addition, all other geographies where the bank has a presence were unaffected. The financial institution also pledged to directly notify both customers and employees in the involved nations if their personal data was involved in the exposure.
Santander will further report the incident to relevant law enforcement authorities as required.
As of now Banco Santander has not provided an immediate comment responding to questions on the impacted third-party service provider, size of the breach in numbers of affected customers, and the type of personal data exposed.