Cyber Incident Victim: Banco Santander
Date: Oct 2020
Location: Spain
Summary
A financial institution's international money transfer service experienced a data breach involving third-party software developer systems, resulting in the theft of approximately 2GB of internal documents including infrastructure details, procedural guidelines, and cybersecurity policies. The organization confirmed detecting the leak earlier, asserting no compromise of core systems or access to sensitive customer information or payment data, while characterizing public claims about the incident as significantly exaggerated. Law enforcement initiated an investigation into the cyber intrusion, with the entity maintaining that its payment infrastructure remained secure and customer operations unaffected.
Description
In late October 2020, an anonymous source contacted The Register alleging that approximately 2GB of internal data from Santander’s international money transfer service PagoFX had been stolen and offered for sale on an underground hacking forum. The claimed breach included database schemas, infrastructure documentation, digital risk assessments, customer security checks, and Salesforce training materials. According to the report, the files originated from a compromised third-party software developer engaged by PagoFX rather than direct infiltration of Santander’s systems. Santander confirmed detecting a data leak in August 2020 but declined to elaborate on specifics beyond stating its core banking infrastructure remained unaffected. The bank characterized the incident’s severity as overstated, emphasizing that no sensitive personal information or payment data was accessed during the breach.

Santander’s public response clarified that PagoFX’s internal systems were not compromised and reiterated the security of its payment infrastructure. Analysis of the leaked data indicated it primarily contained non-critical materials such as sample source code, internal procedural documents, and cybersecurity policy templates rather than operational customer data or financial records. The bank assured customers that services could continue uninterrupted and described the exposed information as posing no direct risk to user accounts or transactions. Law enforcement agencies initiated an investigation into the cyber intrusion, though no further details regarding suspects or attribution were disclosed. Santander maintained its position that the incident did not impact its operational integrity or customer security throughout subsequent media inquiries.
