Spanish bank Santander has said data managed by an external party was recently accessed without permission, affecting some of its clients and all of its current staff.
“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,” the bank said in a statement on Tuesday.
“Certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed.”
The bank, which is the eurozone’s second-largest lender, has around 210,000 staff worldwide, according to its latest quarterly report. It has some 15 million clients in Spain and nearly four million in Chile.
Customer data was not affected in any of Santander’s other markets and businesses, it said.
Santander said it “immediately implemented measures to contain the incident” and that “no transactional data or credential that would allow transactions to take place were contained in the database, including online banking details and passwords”.
The bank added that its operations and systems are not affected, meaning customers can continue to make transactions securely.
The news comes after a string of data theft hacks last year centred on the popular file transfer tool MOVEit. Some of Europe’s biggest banks were affected, including Germany’s Deutsche Bank and Commerzbank AG, as well as the Netherlands’ ING Group.
Santander did not elaborate further on the breach but said it had blocked the compromised access to the database and established additional fraud prevention controls to protect customers that were affected.
The bank said it had notified regulators and law enforcement and would continue to work closely with them, while also proactively contacting affected customers and employees directly.