BREAKING AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Connect with us

Hi, what are you looking for?


Data Breaches

Santander Employee Data Breach Linked to Snowflake Attack

Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.

Santander Data breach

The US subsidiary of Spain-based bank Santander is notifying more than 12,000 employees that their personal information was compromised in a third-party data breach.

The incident was identified on May 10, and involved a third-party database used by an affiliate between late April and early May 2024, the bank said in a notification letter to the affected individuals, a copy of which was submitted by Santander Holdings USA to the Maine Attorney General’s Office.

As part of the attack, the bank said hackers obtained from the database records containing employee names, Social Security numbers, and bank account information used for payroll.

“Upon learning of the issue, we promptly took steps to protect our systems, including blocking access to the affected system. We continue to take preventative actions to further safeguard our systems,” Santander said.

The bank told the Maine AGO that the incident impacted 12,786 employees.

The incident appears to be related to a data breach that the global banking group disclosed in mid-May, which was later revealed to be related to the massive attack on improperly protected Snowflake customer accounts.

At the time, Santander said that the information of customers in Spain, Chile, and Uruguay, and all current and former employees was compromised after a threat actor accessed one of its databases hosted by a third-party provider.

As part of the Snowflake campaign, threat actors used credentials harvested through infostealer malware that infected non-Snowflake owned systems, to access customer accounts that did not have multi-factor authentication (MFA) enabled.

Advertisement. Scroll to continue reading.

Attributed to a financially motivated threat actor tracked as UNC5537, the campaign resulted in the accounts of 165 organizations being compromised, Mandiant revealed last week.

Related: Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach

Related: 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency

Related: Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent Data Breach

Related:Lighting Giant Acuity Brands Discloses Two Data Breaches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as new CRO

Identity orchestration provider Strata Identity appoints Aldo Pietropaolo as Field CTO

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights