© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Finastra launches investigation into data breach


Finastra, a London-based financial software company, has confirmed it’s investigating a data breach after a hacker claimed to have exfiltrated corporate data.

Finastra states that the company detected ‘suspicious activity’ around an internally hosted Secure File Transfer Platform (SFTP) on November 7.

One day later, a threat actor with the moniker ‘abyss0’ posted a message on BreachForums, a popular hacking forum on the dark web, claiming he had stolen files belonging to some of Finastra’s largest banking clients.

Allegedly, ‘abyss0’ stole approximately 400 gigabytes of confidential data, but wouldn’t say what type of information he was able to lay his hands on.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently. We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing,” Finastra told cybersecurity journalist Brian Krebs in a statement.

The disclosure goes on, saying that the threat actor didn’t deploy malware or tampered with any customer files. The company promises to remain focused on determining the scope and nature of the data breach.

“Additionally, we have been sharing Indicators of Compromise (IOCs) and our CISO has been speaking directly with our customers’ security teams to provide updates on the investigation and our eDiscovery process,” the statement concludes.

Finastra is currently looking into what customers are affected by the data breach and promises to keep in touch with them.

“We are analyzing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers, so we are working as quickly as possible to rule out affected customers,” Finastra’s spokesperson Sofia Romano told TechCrunch in an emailed statement.

She states that initial evidence points out that compromised credentials were most likely the root cause of the data breach.

Finastra is an international operating financial technology firm with offices in 42 countries and a reported revenue of $1.9 billion last year. The company was formed in 2017 by the combination of London-based Misys, a provider of financial operations software, and global payments and lending technology provider D+H. As of writing, more than 7,000 people work at Finastra, serving over 8,000 financial institutions worldwide.


Leave a Reply

Your email address will not be published. Required fields are marked