A third-party-run database at Santander has suffered a breach impacting both customers and employees at the bank.

After an investigation, Santander found that customer data in Chile, Spain and Uruguay was accessed during the breach, while all of the bank’s current employees across the group were impacted by the incident.

Santander currently has more than 211,000 employees around the world.

Some ex-staff members also had their information accessed in the breach.

"We recently became aware of an unauthorised access to a Santander database hosted by a third-party provider," said the bank in a statement. "We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers."

The Spanish bank assured customers that no transactional data or credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.

None of Santander's operations or systems were impacted by the data breach.

"We apologise for the concern this will understandably cause and are proactively contacting affected customers and employees directly," continued Santander. "We have also notified regulators and law enforcement and will continue to work closely with them."

Guy Golan, chief executive and executive chairman of UK cyber firm Performanta, told FStech that while Santander has done the right thing by issuing a statement on the incident, the bank has fallen short on establishing who was responsible for the breach.

"The issue is the confusion on third parties," he said. "Santander has not established who the third parties are, whether they themselves were malicious or not or how access was made."

The chief executive praised the bank for mentioning mitigating factors and database monitoring, however explained that as Santander is a multinational bank it's likely these methods have been in place for a long period.

"Their ability to respond proactively has been lacking which means Santander has not been able to truly defend itself from future attacks; the bank only responds what has already happened and caused damage," he continued. "Early detection was certainly a positive in this case, but it relies too much on luck."

Santander declined FStech's request for further comment.

---