Financial Software Firm Finastra Investigating Data Breach

Finastra is investigating a data breach after a hacker claimed the theft of information from an internal file-transfer application.

UK fintech giant Finastra is investigating a data breach after a hacker offered for sale on an underground forum data allegedly stolen from the company.

Roughly two weeks ago, the financial software firm notified its customers of suspicious activity on an internal file-transfer application used to exchange data with certain customers.

“We immediately launched an investigation alongside a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform,” Finastra told SecurityWeek in an emailed statement.

The company also pointed out that it has found no evidence that the threat actor moved laterally to other systems beyond the affected file-transfer platform.

“Importantly, this was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra’s customer operations or systems,” the company said.

Finastra confirmed that it was aware that a hacker had claimed on a dark web forum that they exfiltrated data from its system, noting that it has informed customers of the claims and has been in contact with them, responding to questions related to the posted data and sharing indicators of compromise (IoCs).

“We are continuing to investigate the root cause, but initial evidence points to credentials that were compromised. The source of the compromise is a priority aspect of the investigation,” Finastra said.

The company says that the affected platform is not the default file-transfer application used for data exchanges, and that not all customers were using it.

“We are working as quickly as possible to rule out affected customers. This is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications,” the company said.

Investigative journalist Brian Krebs first reported the incident after a threat actor using the moniker ‘abyss0’ announced on a dark web cybercrime forum that they were selling 400 gigabytes of data allegedly stolen in the attack and belonging to the fintech giant’s customers.

Based on other posts by abyss0, it appears that they compromised Finastra’s file-transfer platform in late October and attempted to sell the stolen information on at least two different occasions.

According to Krebs, however, the hacker’s accounts used for the sale have since disappeared, along with the sales threads, which suggests that they either found a buyer or they got scared.

Finastra provides software and services to roughly 8,000 financial institutions worldwide, including 45 of the top 50 banks. Based in London, the company has offices in 42 countries.

“According to Bitsight data, global financial institutions are highly dependent on Finastra. More than 20% of all credit unions, around 50% of accounting firms, and nearly 50% of investment banking firms use Finastra. In total, more than 10% of all financial institutions globally use Finastra technology,” cyber risk management provider Bitsight said in an emailed comment.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.