The US subsidiary of Spain-based bank Santander is notifying more than 12,000 employees that their personal information was compromised in a third-party data breach.
The incident was identified on May 10, and involved a third-party database used by an affiliate between late April and early May 2024, the bank said in a notification letter to the affected individuals, a copy of which was submitted by Santander Holdings USA to the Maine Attorney General’s Office.
As part of the attack, the bank said hackers obtained from the database records containing employee names, Social Security numbers, and bank account information used for payroll.
“Upon learning of the issue, we promptly took steps to protect our systems, including blocking access to the affected system. We continue to take preventative actions to further safeguard our systems,” Santander said.
The bank told the Maine AGO that the incident impacted 12,786 employees.
The incident appears to be related to a data breach that the global banking group disclosed in mid-May, which was later revealed to be related to the massive attack on improperly protected Snowflake customer accounts.
At the time, Santander said that the information of customers in Spain, Chile, and Uruguay, and all current and former employees was compromised after a threat actor accessed one of its databases hosted by a third-party provider.
As part of the Snowflake campaign, threat actors used credentials harvested through infostealer malware that infected non-Snowflake owned systems, to access customer accounts that did not have multi-factor authentication (MFA) enabled.