.png)
Recently, Santander Bank announced that an unauthorized access to a database hosted by one of its providers could potentially lead to the theft of customer information. This information could be used by cybercriminals to launch vishing or smishing campaigns. The bank has stated that the breach has only impacted Spain, Chile, and Uruguay and has notified the National Securities Market Commission (CNMV) as required by law.
The attack also affected all employees and some former employees of the company. It is believed that malicious agents exploited a vulnerability in the database provider to access and steal customer information. While transactional data and banking access credentials are not at risk as they have a more robust security system, criminals could use the customer information for fraudulent purposes.
Banco Santander is expected to inform the affected clients but not via phone calls, likely through email. Vishing involves impersonating a bank employee on the phone to obtain sensitive information from users, while smishing uses text messages pretending to be from the bank to access confidential data or make financial charges. Both techniques are part of the “fake agent” scam.
The Organization of Consumers and Users (OCU) has urged the bank to personally notify affected clients about the leaked information and associated risks. Security measures taken by the bank include awareness notifications, pop-up ads in the app, and additional authentication factors. Victims should contact the banking entity and the National Cybersecurity Institute (INCIBE) if they suspect they may be potential victims of this cyberattack. Customers should stay vigilant and take necessary precautions to protect their information from further exploitation.
