Spanish financial institution Santander recently announced that it suffered a data breach in which victims accessed databases hosted by third-party providers.
Immediately after the breach, Santander moved to limit the scope of the breach by blocking access to the compromised database. While not mentioning the provider by name, the press release said anti-fraud controls have also been established to protect customers affected by the breach.
“The database does not contain any transaction data or credentials that enable transactions with your account, such as online banking details or passwords.” According to a statement from Santander. It also pointed out that the bank's operations and systems will not be affected and customers can continue trading if they wish.
During its investigation into the cyber incident, the company discovered that information about some former Santander employees, as well as information about customers based in Chile, Spain and Uruguay, had been accessed.
Third parties appear to be becoming one of the main causes of many data breaches, but Santander is not the first financial institution to experience such disruption, and it probably won't be the last. In February, Bank of America warned that 57,000 customers affected A ransomware attack on one of our technology partners, Infosys McCamish Systems (IMS), resulted in a data breach involving sensitive materials. Over the next month, Fidelity Investments Life Insurance Company was required to notify approximately 30,000 customers that: Third party data breach This information was also compromised via IMS. And in the same month American Express has notified customers Credit card information was exposed in a breach involving a third-party service provider used by the company's travel services division.
In an emailed statement to Dark Reading, Martin Greenfield, CEO of Quod Orbis, said: “Businesses need to understand where their data resides, the systems on which it is stored and the potential presented by third-party providers. We need to continue to have a clear understanding of the risks involved.” “Many believe that updating fraud controls after a breach is akin to closing the stable door after a horse has jumped out. Proactive threat assessment and regular third-party risk management Reviews should be standard practice.”
It is unclear exactly how many customers were affected, but Santander said it has contacted affected customers and employees and notified regulators and law enforcement.