Don’t be a Snowflake – Let’s talk about the Santander CyberAttack

May 2024 has been a big month for Cyber attacks, and therefore a busy month for Cybersecurity and IT professionals. In the last week of May, the hacker group “ShinyHunters” claimed they had hacked Ticketmaster, with over half-a-billion accounts stolen, and now Santander has confirmed that over 30 Million accounts have been exposed.


No Ambulance Chasing here

First let me say that we take no pleasure in reporting or writing about these kinds of attacks, and this is not an attack on Santander (or Ticketmaster), as I’m sure they are doing their level best under the circumstances.


Consultants Like Us are the first to say there is no such thing as 100% secure. Whilst it is not guaranteed that you will be hacked, or suffer a breach, the chances of it happening will never disappear. We consider this risk as being the same as going for a walk in Yorkshire – you’ll never be 100% sure that it won’t rain – so you should always be prepared!


What we know about the Santander cyberattack 

On the 31st May we learned that the bank, which employs over 200,000 people worldwide (including 20,000 in the UK), had over 30 million account details stolen. The accounts are for customers in Spain, Chile and Uruguay, and for all its current and previous employees.


Santander have done the right thing in releasing details of the attack and therefore being proactive in arming people with the awareness that their account details may be part of the cache of data that is now being shared on the Dark Web.


So, what does this mean to us? Well, here is the Good, Bad and the Ugly news.


The Good News

It’s good to see Santander being open about this attack and making people aware of what has actually happened (as far as they know).


Santander have stated that "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."


The exact breakdown of the stash of data (as we know it) is:


  • 30 million people’s bank account details

  • 6 million account numbers and balances

  • 28 million credit card numbers

  • HR information for staff


There is no doubt that there is a lot of activity taking place to understand how this happened, and what can be done to ensure this is an isolated event. Consultants Like Us applaud their efforts and wish them every luck in this endeavour, because we know what it’s like when an attack like this happens – so, dear reader, be assured that there will be a lot of people working on this for some time to come.


The Bad News

More bad news is coming, because two very prominent hacks taking place in less than 7 days tells us that something else is going on. This was confirmed by security experts who said that both the Ticketmaster and Santander attacks could be linked to the Cloud provider, ‘Snowflake’.


Snowflake are a major Cloud storage provider for some of the world’s largest organisations, including Adobe, AT&T, Capital One, HP, Mastercard, NBC Universal, Pepsi, Siemens, Western Union, Yamaha, and many others.


Reports from organisations like ‘BleepingComputer’ state that the hacks (of Ticketmaster and Santander) were caused when the hacker group hacked into an employee’s account.


The hackers are claiming they have obtained the details of 400 companies that store their data with Snowflake. If this is true, this could be one of the biggest hacks in history, and all because one employee’s account was compromised.


The Ugly News

If these details are correct, then this could be the start of a new wave of attacks.  There will be more information to come over the next few weeks, and no doubt it will be reported in various ways across social and mainstream media.


We have to rely on someone to protect our data – we trust Ticketmaster, we trust Santander.  Ticketmaster and Santander trust Snowflake. Snowflake trust their systems and their people.


The ugly truth is that there is no such thing as 100% secure and therefore nothing can be trusted 100%. In Cybersecurity we have the principle of a ‘zero trust’ model, or as I prefer to say ‘Trust, but verify’. This is as true of systems as it is of news reports and people!


What should we do now?

This depends on who you are, and what your concerns are.  If Snowflake are your Cloud storage provider I would be contacting them to speak to your account manager about what has happened and what additional security controls you need to implement.


If you are a customer of Ticketmaster or Santander, you should speak to them about what has happened, but also consider enabling 2FA on your accounts, or changing your security controls (such as passwords, or ‘hints’ etc). 


Following any kind of attack like this, scammers will be sharing phishing emails, and text messages, or calling people under the guise of being from one of these companies. 


Talk to your relatives about this attack. Share the story on Facebook, Instagram etc so that people are aware of what has happened. Remind them not to hand over any details to callers or people who email, without first checking that they are legitimate.


If you are concerned about security, be proactive and take steps to make the data that could be in the hands of cybercriminals worthless.


More questions?

Finally, if you are truly concerned about what has happened please contact us and we can offer additional advice and guidance on what you can do to protect yourself, your loved ones and your business.

