On May 14th, Santander disclosed that unauthorised access to a database hosted by a third-party provider had been detected. The bank immediately took steps to contain the incident, including blocking the compromised access and enhancing fraud prevention controls. Despite these efforts, customer information from Santander’s operations in Chile, Spain, and Uruguay had been accessed. Fortunately, data from other Santander markets, including the UK, was unaffected.
The specifics of the accessed data include bank account details, account numbers and balances, credit card numbers, and HR information for employees. ShinyHunters, the group claiming responsibility for the breach, has allegedly posted on hacking forums, boasting about the data haul. It is being reported that the stolen data is being advertised for sale on the dark web.
The breach has not only affected millions of customers but also all of Santander’s 210,000 employees globally, including 20,000 in the UK. However, Santander has assured that the compromised database did not contain transactional data or credentials that would allow unauthorised transactions, such as online banking details and passwords. Customers have been able to continue to transact securely, as the bank’s core banking systems were not impacted.
Inevitably, such incidents are also used by fraudsters to socially engineer customers, using the news of the data breach as a hook to contact potential victims, pretending to be from Santander and offering advice. This can lead to the customer unwittingly authorising transactions to a fraudster’s account, for example, in the belief it is a ‘safe account’ provided by the bank to protect their money.
The breach at Santander involved unauthorised access to a database hosted by a third-party provider. This incident highlights a growing concern in the industry: the risks associated with third-party service providers. In recent months, several financial institutions have experienced similar breaches. For instance, in February, Bank of America had to warn over 57,000 customers about a data leak resulting from a ransomware attack on one of its technology partners, Infosys McCamish Systems (IMS). In March, Fidelity Investments Life Insurance Company and American Express faced similar breaches involving third-party providers.
The Santander cyber hack is another demonstration of the growing threat posed by online criminals to both businesses and consumers. Reports recently suggested ShinyHunters are demanding a £400,000 ransom from Ticketmaster to prevent its data from being sold on the dark web, though the online ticket seller has not acknowledged the breach publicly.
Recent UK corporate targets of cyber attacks include vet group CVS in April, law firm IT provider CTS in November, and outsourcing giant Capita in late 2023. These incidents highlight the pervasive risk of online criminal activity and the significant impact such breaches can have on a company’s reputation.
For financial institutions like Santander, even smaller breaches can significantly undermine customer confidence, which is crucial in the competitive banking arena. The growing cyber hack risk necessitates continuous improvements in cybersecurity measures to protect sensitive information and maintain trust with customers.
At AJC, we understand the potential risks posed by third-party providers. Businesses must maintain a clear understanding of where their data resides and the systems on which it is stored. Proactive threat assessments and regular reviews of third-party risks should be standard practice to prevent such incidents.
AJC offers a range of cyber security services to help organisations strengthen their defences. From independent reviews of cyber safeguards to expert guidance on cyber security plans and policies, we provide cost-effective solutions tailored to your needs. Our experienced team can also step in as your Chief Information Security Officer (CISO) and offer expert commentary to navigate cyber security incidents effectively. With our services, you can ensure robust cyber security measures without the expense of recruiting a full-time employee.
Please contact us on 020 7101 4861 if you think we can help.
Image accreditation: Rodion Kutsaiev (January 2023) from Unsplash.com. Last accessed on 17th June 2024. Available at: https://unsplash.com/photos/a-blue-and-red-pattern-with-a-toothbrush-on-top-of-it-LB70HoF46IU