Fintech Giant Finastra Confirms Data Breach After Hacker Claims 400 GB Data Theft
Finastra has confirmed a data breach affecting its internal Secure File Transfer Platform (SFTP). The hacker has posted the stolen data for sale on BreachForums.
Finastra has confirmed a major data breach affecting its internal file transfer system. In a statement given in an interview with TechCrunch, Finastra spokesperson Sofia Romano confirmed that Finastra detected “suspicious activity” related to an “internally hosted Secure File Transfer Platform (SFTP)” on November 7.
What is Finastra?
Finastra is a global leader in financial technology that serves 45 of the world's top 50 banks. It is a London-based firm that facilitates vital banking services worldwide for over 8100 financial institutions. Finastra has offices in around 42 countries. It reported a revenue of $1.9 billion last year.
What was the Matter?
Finastra detected the breach on November 7, 2024. On November 8, 2024, Finastra notified its customers that its security team had detected suspicious activity on Finastra’s internally hosted file transfer platform on Nov. 7. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.
This breach targeted Finastra's internally hosted Secure File Transfer Platform (SFTP). It was exploited using stolen credentials, mainly a username and password. Finastra has refused to reveal the name of the file transfer platform. The attacker claims to have leveraged IBM Aspera, a high-speed file transfer tool, to exfiltrate data from Finastra’s systems.
Incident Summary Provided by Finastra
Image source: https://krebsonsecurity.com/wp-content/uploads/2024/11/finastra-notice.png
Finastra spokesperson Sofia Romano said:
“We are analyzing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers… so we are working as quickly as possible to rule out affected customers.”
Which Data was Compromised?
The hacker claimed to have stolen 400 GB of data from Finastra. However, exactly which data was compromised is still being investigated. The compromised data includes files containing clients’ sensitive information, such as major banking information, transaction details and financial records. The rest of the compromised information consists of Finastra's own confidential data.
Hackers Put the Stolen Data on Sale
The cybercriminal, known by the alias “abyss0,” first advertised the stolen data for sale on BreachForums on October 31, initially priced at $20,000. The asking price was later halved to $10,000.
After gaining attention, “abyss0” disappeared, removing their presence from both BreachForums and Telegram. This sudden retreat suggests they either secured a buyer or sought to avoid further scrutiny.
Image Source: https://krebsonsecurity.com/2024/11/fintech-giant-finastra-investigating-data-breach/
Image Source: https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack
What Measures Did Finastra Take?
Finastra has taken the following measures to deal with this data breach:
- The company has replaced the compromised file transfer system with a new, secured system so that client services continue without interruption.
- Finastra notified all its clients within 24 hours of detecting the breach.
- The company's Chief Information Security Officer (CISO) is actively coordinating with the client security team to ensure effective communication.
- The company is analyzing the data to determine which customers were affected and the extent of the data compromise.