Data of 30M Santander customers for sale, ShinyHunters take the spotlight


Two weeks after Santander Bank announced a cybersecurity incident, ShinyHunters, a notorious threat actor, has posted data for sale on BreachForums, an illicit marketplace. The breach allegedly affects 30 million customers from Spain, Chile, and Uruguay.

Santander is the largest banking group in Spain by a considerable margin and one of the world’s best-known financial services groups.

ShinyHunters claims to have the records of 30 million customers, six million account numbers and balances, 28 million credit card numbers, HR employee lists, consumer citizenship information, and “much more.”

The data is being offered for a price of $2 million as a one-time sale.

“Santander is also very welcome if they want to buy this data,” the threat actor’s post reads.

The bank previously acknowledged that it was aware of unauthorized access to a database hosted by a third-party provider.

“It has affected clients of Santander Chile, Spain, and Uruguay as well as employees of the institution,” Santander confirmed on May 14th, 2024.

Dark Web Informer, a dark web tracker on X, reviewed 6,346 rows of data in the provided CSV sample and concluded that it appears legitimate “on first look.”

Santander also confirmed that client funds were safe and that there was no indication of any compromised passwords or keys. The bank also “has activated its protocols to manage these cases, blocking access to the information that was irregularly accessed.”

“The bank's operations and systems, meanwhile, have not been affected and are functioning normally,” Santander said, warning customers to be alert to phishing schemes.

That’s the second huge data trove ShinyHunters has put up for sale on the recently rebooted illicit marketplace BreachForums. Earlier this week, they announced a bargain price of $500,000 for the alleged customer dataset of 560 million Ticketmaster users.

ShinyHunters has a track record of multiple high-profile data breaches that have cost their victims, including Microsoft, Mashable, and Pluto TV, tens of millions of dollars. In spring 2022, the cybergang breached AT&T and T-Mobile within days of each other, exfiltrating the personal data of a combined 110 million users.