Hackers are attempting to sell confidential information including the bank and credit card numbers of millions of Santander customers to the highest bidder.
ShinyHunters posted an advert on a hacker forum for the data, which it says also includes staff HR details, with an asking price of $2m (£1.6m). It is the same organisation that claims to have hacked Ticketmaster.
In the post outlining the data it claims to hold the hacker collective taunts the bank, stating: “Santander is also very welcome if they want to buy this data.”
Santander, which employs 200,000 people including about 20,000 in the UK, confirmed that it had been hacked a fortnight ago.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” it said in a statement issued on 14 May.
“Customer data in all other Santander markets and businesses are not affected.”
At that time Santander apologised for “the concern this will understandably cause” and said it was “proactively contacting affected customers and employees directly.”
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” it said, adding that its banking systems were unaffected so customers could continue to “transact securely.”