Hackers are trying to sell what they claim are the bank account details of 30 million Santander customers for $2 million.
Earlier this month, Santander confirmed that a data breach at a third party provider had exposed some client and employee data.
Now, in a post on a hacking forum, the ShinyHunters gang is offering to sell a trove of data, including 30 million bank account details; 28 million credit card numbers; six million account numbers and balances; and HR information on the bank's 200,000 staffers.
The asking price is $2 million, says the post, adding: "Santander is also very welcome if they want to buy this data."
Earlier this week, the ShinyHunters hackers also claimed responsibility for an attack on TicketMaster. They have previously hit telco AT&T.
However, according to the BBC, experts are urging caution, suggesting that the TicketMaster sale may have been a stunt to bring attention to a new hacking forum replacing one that the police had taken down.
In a statement on the attack two weeks ago, Santander said a bank database hosted by a third party had been accessed. The breach, it said, affected operations in Spain, Chile and Uruguay.
Added the bank: "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank's operations and systems are not affected, so customers can continue to transact securely."