How to find out if you are one of the victims of Santander data theft

The bank clarified that not only were regulators and security forces promptly notified of this digital breach, but also “we are proactively informing directly affected customers and employees.” This is exactly what “we have demanded from Santander Bank and we know they will do immediately,” says Enrique Solis, a UCC lawyer. He insists that “in this message they should tell users what of their data was stolen and explain the measures that were taken to prevent any damage.” At the same time, the expert clarifies: “They say that passwords were not compromised, but if first names, last names, addresses and identification numbers were compromised, problems could arise because hackers could sell them to third parties for fraudulent recruitment. ” “.

Despite all this, Solis argues that once an organization comes into contact with victims, “they must be very vigilant about any allegations that may be made, as well as links or messages that may be sent to them.” Given that this digital divide happened “over the weekend” and the public announcement was made yesterday, Solis says they haven’t received many inquiries about it yet, although “they will certainly start coming in in the coming days.” , he is advancing.

Solis downplays the issue because “this type of hack has been commonplace for many years,” although he emphasizes that “in this case we are talking about an organization the size of Santander Bank being affected.” But yes, this removes all responsibility from the entity, which “we assume has all possible firewalls in place and is working properly, notifying the situation accordingly,” but emphasizes that this is a fact that may have consequences “if” They saw data” compromised, such as affiliations, addresses, identity documents, bank contracts or insurance policies.” And the UCC emphasizes that “it is not at all reassuring that even courts and tribunals have their bank accounts with the specified organization and have seen their discretion violated.”

Unauthorized payments

For its part, the Organization of Consumers and Users (OCU) also warns of the “possible use of personal data” in “fraudulent” transactions, especially through emails, SMS or phone calls that impersonate companies or organizations “in order to obtain bank details and make payment at the consumer’s expense.” However, OCU reminds that a “no payment” made by a user as a result of fraud “may be considered authorized” and therefore “should be automatically reimbursed” by the banking institution.

In this regard, it is stated that the European Banking Authority (EBA) defines unauthorized payment transactions as fraudulent, as well as those in which the “payer was manipulated” into accepting the payment order. In fact, he also argues that the Civil Code, in Article 1265 et seq., holds that consent “shall be void if given in error.”

“The OCU demands that the Bank of Spain apply sanctions to those financial institutions that, having learned about fraud, refuse to automatically reimburse the stolen money. The organization believes that the burden of proof should not be on the consumer, but on payment service providers, who have tools to prevent and limit fraud, such as IBAN verification in the recipient’s name or KYC. protocols,” he concludes.