Santander Falls Victim to Data Breach Involving Third-Party Provider

  /     /     /  
Publicated : 23/11/2024   Category : security


Santander Falls Victim to Data Breach Involving Third-Party Provider


The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.



Santander, a Spanish banking institution, has announced that it recently suffered a data breach in which a victim gained access to a database hosted by a third-party provider.
In the immediate aftermath of the breach, Santander moved to limit the scope of the intrusion by blocking access to the compromised database. Fraud prevention controls were also established to protect customers who were affected by the breach, it said though a press release, which did not mention the name of the provider.
No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,
according to a Santander statement
. It also noted that the banks operations and systems were not affected, which means customers can still carry out their transactions, should they choose.
In its investigation of the cyber incident, the company discovered that information relating to customers based in Chile, Spain, and Uruguay were accessed, as well as the information of select former Santander employees.
Third parties are seemingly becoming one of the primary causes of many data breaches, and Santander is not the first, nor likely the last, financial institution to experience such a disruption. In February, Bank of America warned more than 
57,000 affected customers
 of a data leak involving sensitive material, due to a ransomware attack on one of its technology partners, Infosys McCamish Systems (IMS). The following month, Fidelity Investments Life Insurance Company had to notify nearly 30,000 of its customers of a 
third-party data breach
 that had compromised their information, also via IMS. And in that same month, 
American Express notified its customers
 that their credit-card information was exposed in a breach that involved a third-party service provider used by the company’s travel services division. 
Businesses need to maintain a clear understanding of where their data resides, the systems it is stored on, and the potential risks posed by third-party providers, says Martin Greenfield, CEO of Quod Orbis, in an emailed statement to Dark Reading. Updating fraud controls after a breach is considered by many to be akin to closing the stable door after the horse has bolted; proactive threat assessment and regular reviews of third-party risks should be standard practice.
It is unclear exactly how many customers were affected, though Santander said it is contacting affected customers and employees and has notified regulators and law enforcement.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Santander Falls Victim to Data Breach Involving Third-Party Provider