Best Practices

Santander Data Breach Exposes Over 12,000 US Employees' Information

Santander reveals a data breach affecting over 12,000 US-based employees, exposing personal and bank account information. This breach, linked to the Snowflake incident, highlights ongoing cybersecurity vulnerabilities.
Share on social media
TL;DR - A data breach at Santander, linked to the Snowflake cloud storage provider, exposed the personal and bank account information of over 12,000 US-based employees. The breach, discovered on May 10, 2024, involved unauthorized access to a third-party database starting from April 17. The hacking group ShinyHunters claimed responsibility, alleging possession of millions of bank and credit card details. Santander is offering two years of free identity protection and credit monitoring to affected employees.

In a recent disclosure, Santander, one of the world's largest banking institutions, revealed that over 12,000 of its US-based employees had their personal and bank account information compromised. This breach, connected to the cloud storage provider Snowflake, highlights significant vulnerabilities in the cybersecurity landscape.

The Incident Unfolded

The breach occurred on May 10, 2024, when Santander discovered that unauthorized individuals had accessed records from a third-party database used by one of its affiliates. The compromised data included names, Social Security numbers, and bank account information used for direct deposit and payroll.

Timeline of the Breach

According to Santander, the unauthorized access began on April 17, 2024, and was not discovered until May 10. This prolonged access allowed hackers ample time to extract sensitive information.

The Culprit: ShinyHunters

The hacking group ShinyHunters, notorious for their cybercriminal activities, claimed responsibility for the breach. They allegedly possess data from 30 million individuals, including bank account details and credit card numbers. This breach is part of a broader campaign that has impacted multiple organizations using Snowflake's cloud services.

Immediate Actions and Notifications

Santander promptly informed regulators of the breach and began sending notification letters to the affected employees. The bank is offering two years of free identity protection and credit monitoring services to those impacted.

Broader Impact of the Snowflake Incident

Santander was among the first to report a breach related to the Snowflake incident, which has since affected other major organizations, including Ticketmaster, Advance Auto Parts, and LendingTree. These breaches have collectively exposed millions of records, prompting a widespread review of cloud security practices.

Mitigating Future Risks

The breach underscores the necessity for robust cybersecurity measures, especially for organizations relying on third-party cloud services. Steps that companies can take include:

  • Enhanced Monitoring and Detection: Implementing real-time monitoring to detect unauthorized access promptly.
  • Regular Security Audits: Conducting frequent security audits of third-party services to ensure compliance with security standards.
  • Multi-Factor Authentication (MFA): Enforcing MFA across all access points to add an extra layer of security.
  • Employee Training: Educating employees about cybersecurity best practices and the importance of data protection.

The Santander data breach serves as a stark reminder of the evolving cyber threats facing organizations today. As cybercriminals become increasingly sophisticated, it is imperative for companies to bolster their security measures and remain vigilant against potential threats. This incident highlights the critical need for comprehensive security strategies to protect sensitive information in an ever-changing digital landscape.


1. What happened in the Santander data breach?
Over 12,000 US-based Santander employees had their personal and bank account information leaked in a data breach connected to the cloud storage provider Snowflake.
2. When did Santander discover the breach?
Santander discovered the breach on May 10, 2024, after noticing unauthorized access to records from a third-party database used by one of its affiliates.
3. What information was compromised in the breach?
The compromised information includes employees' names, Social Security numbers, and bank account information used for direct deposit and payroll.
4. How is Santander responding to the breach?
Santander is providing affected employees with two years of free identity protection and credit monitoring services and has notified relevant regulators about the breach.
5. Were customer accounts impacted by the breach?
No transactional data or credentials that would allow transactions on customer accounts were contained in the compromised database.
6. Who is believed to be behind the breach?
The hacking group known as ShinyHunters has claimed responsibility, alleging possession of 30 million bank account details and 28 million credit card numbers.
7. What other companies were affected by the Snowflake incident?
Other affected companies include Ticketmaster, Advance Auto Parts, LendingTree, and the Los Angeles Unified School District.
8. What measures is Snowflake taking in response to these breaches?
Snowflake has hired security firms Mandiant and Crowdstrike to investigate and confirmed that the breaches were due to stolen credentials obtained through infostealing malware.
9. How long did the attackers have access to Santander's data?
The attackers had access to the data from April 17, 2024, until it was discovered on May 10, 2024.
10. What are the potential risks for employees whose data was stolen?
The risks include identity theft and fraud, given that personal information such as Social Security numbers and bank account details were compromised.
Most popular
Subscribe to know first

Receive monthly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.