Santander Flags Data Breach Hitting Some Clients, All Staff

Banco Santander SA said data managed by an external party was accessed without authorization, affecting information of clients and staff.

“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,” the Spanish lender said in a release on Tuesday. “Certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed.”

The bank said it has “immediately implemented measures to contain the incident.” It added that “no transactional data or credential that would allow transactions to take place were contained in the database.”

Santander has about 210,000 employees globally. It services more than 15 million clients in Spain and almost 4 million in Chile, according to its first-quarter report.

“Cybersecurity and data strategy remained a top priority of our agenda during the year, recognizing the importance of having adequate defenses and security controls in place against increasing threats,” Santander Executive Chairman Ana Botin said in the firm’s 2023 annual report.

The report also said the lender is developing a new IT platform “to properly assess and manage the risks in outsourcing and third-party agreements.” That’s partly a reaction to increased cyber risks, it said.

Last year several EU lenders including Deutsche Bank AG, Commerzbank AG and ING Groep NV saw their client data compromised. The breach happened when a criminal hacking group obtained access to data of thousands of clients whose requests to change accounts had been transferred to an external data provider.

Photograph: The Banco Santander logo. Photo credit: Paul Hanna/Bloomberg