Santander third-party database suffers breach impacting staff and customers

Santander has announced that one of its third-party managed databases has suffered a breach.

After an investigation, Santander found that customer data in Chile, Spain and Uruguay was accessed during the breach, while all of the bank’s current employees across the group were impacted by the incident.

Santander currently has more than 211,000 employees around the world.

Some ex-staff members also had their information accessed in the breach.

"We recently became aware of an unauthorised access to a Santander database hosted by a third-party provider," said the bank in a statement. "We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers."

The Spanish bank assured customers that no transactional data or credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.

None of Santander's operations or systems were impacted by the data breach.

"We apologise for the concern this will understandably cause and are proactively contacting affected customers and employees directly," continued Santander. "We have also notified regulators and law enforcement and will continue to work closely with them."

Guy Golan, chief executive and executive chairman of UK cyber firm Performanta, told National Technology News that while Santander has done the right thing by issuing a statement on the incident, the bank has fallen short on establishing who was responsible for the breach.

"The issue is the confusion on third parties," he said. "Santander has not established who the third parties are, whether they themselves were malicious or not or how access was made."

The chief executive praised the bank for mentioning mitigating factors and database monitoring, however explained that as Santander is a multinational bank it's likely these methods have been in place for a long period.

"Their ability to respond proactively has been lacking which means Santander has not been able to truly defend itself from future attacks; the bank only responds what has already happened and caused damage," he continued. "Early detection was certainly a positive in this case, but it relies too much on luck."

Santander declined National Technology News' request for further comment.

Share Story:

Recent Stories

Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.