Finastra is investigating a data breach affecting its internal file-transfer platform, reportedly compromising thousands of documents and client files. The breach was detected on November 7, 2024, and was publicly confirmed on November 8, following a hacker’s claim on a cybercrime forum offering access to 400 gigabytes of stolen data. The London-based fintech, which serves many of the world’s top banks, is currently working to understand the scope and impact of the breach on its clients.
Finastra experienced suspicious activity on its Secure File Transfer Platform (SFTP), prompting immediate investigation by its security team. According to spokesperson Sofia Romano, initial evidence suggests that compromised login credentials facilitated the breach. The company has not disclosed how many clients are impacted or the specific nature of the accessed data but is analyzing the affected data to identify the impacted customers. “We are working as quickly as possible to rule out affected customers,” Romano added, indicating that the compromised platform is not the one used by all customers.
Cyber journalist Brian Krebs first reported the breach, noting that the incident was linked to sales postings by a hacker on BreachForums. The hacker, using the alias “abyss0,” claimed to have exfiltrated files from Finastra’s system and began advertising the data for sale. In October, abyss0 opened a sales thread but did not initially specify the victim company. By mid-November, however, they had directly targeted Finastra’s clients and offered screenshots as proof of the stolen data, including file directory listings.
In response, Finastra has been proactive, assuring customers of its continued operations. The company communicated to clients that there was “no direct impact on customer operations” and has implemented an alternative secure file-sharing platform. Despite this reassurance, the breach raises concerns about the security measures in place, especially considering that Finastra previously suffered a ransomware attack in March 2020.
Cybersecurity challenges faced by university networks
Finastra employs over 7,000 people and serves around 8,100 financial institutions globally, processing massive volumes of digital files tied to financial transactions. This extensive network is what makes a breach like this particularly concerning. The company emphasizes that its ongoing investigations will provide further clarity on the nature and scope of the incident.
Current status of investigationsAs investigations continue, Finastra remains focused on providing updates to its customers. The cybersecurity landscape is rapidly evolving, and breaches like this accentuate the importance of robust security practices. The company’s commitment to transparency has been reinforced through ongoing communications with its clients, sharing Indicators of Compromise (IOCs), and maintaining direct engagement between its Chief Information Security Officer (CISO) and customer security teams.
The affected SFTP platform is not universally employed across all Finastra products, which may mitigate the impact for some clients. However, the time-consuming process of cataloging the data involved and determining which customers may have been compromised underscores the complexity of the situation.
With abyss0 reportedly vanishing from relevant platforms, including BreachForums and Telegram, the motivations behind the breach and potential subsequent actions taken by the hacker remain unclear.
Featured image credit: