UK fintech giant Finastra is investigating a data breach after a hacker offered data allegedly stolen from the company for sale on an underground forum.
Roughly two weeks ago, the financial software firm notified its customers of suspicious activity on an internal file-transfer application used to exchange data with certain customers.
“We immediately launched an investigation alongside a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform,” Finastra told SecurityWeek in an emailed statement.
The company also pointed out that it has found no evidence that the threat actor moved laterally to other systems beyond the affected file-transfer platform.
“Importantly, this was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra’s customer operations or systems,” the company said.
Finastra confirmed that it was aware that a hacker had claimed on a dark web forum that they exfiltrated data from its system, noting that it has informed customers of the claims and has been in contact with them, responding to questions related to the posted data and sharing indicators of compromise (IoCs).
“We are continuing to investigate the root cause, but initial evidence points to credentials that were compromised. The source of the compromise is a priority aspect of the investigation,” Finastra said.
The company says that the affected platform is not the default file-transfer application used for data exchanges, and that not all customers were using it.
“We are working as quickly as possible to rule out affected customers. This is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications,” the company said.
Investigative journalist Brian Krebs first reported the incident after a threat actor using the moniker ‘abyss0’ announced on a dark web cybercrime forum that they were selling 400 gigabytes of data allegedly stolen in the attack and belonging to the fintech giant’s customers.
Based on other posts by abyss0, it appears that they compromised Finastra’s file-transfer platform in late October and attempted to sell the stolen information on at least two different occasions.
According to Krebs, however, the hacker’s accounts used for the sale have since disappeared, along with the sales threads, which suggests that they either found a buyer or they got scared.
Finastra provides software and services to roughly 8,000 financial institutions worldwide, including 45 of the top 50 banks. Based in London, the company has offices in 42 countries.
“According to Bitsight data, global financial institutions are highly dependent on Finastra. More than 20% of all credit unions, around 50% of accounting firms, and nearly 50% of investment banking firms use Finastra. In total, more than 10% of all financial institutions globally use Finastra technology,” cyber risk management provider Bitsight said in an emailed comment.