Finastra, a prominent global financial technology company that serves 45 of the world’s top 50 banks, has reported a significant data breach affecting its internal file transfer system. The London-based company, which supports essential banking and wire transfer operations for over 8,100 financial institutions globally, identified the breach on November 7.
The breach specifically targeted Finastra’s internally managed Secure File Transfer Platform (SFTP), which was compromised through the use of stolen credentials, namely a username and password. The perpetrator claims to have utilized IBM Aspera, a high-speed file transfer application, to extract data from Finastra’s systems.
The cybercriminal, operating under the alias “abyss0,” first offered the stolen data for sale on BreachForums, a well-known online forum for cybercriminal activity, on October 31. The data was originally listed at $20,000, but the asking price was subsequently reduced to $10,000. “abyss0” then vanished, removing their presence from both BreachForums and Telegram, which suggests they may have either found a buyer or wished to evade further investigation.
Extent of the Compromised Data
The data breach at Finastra led to the theft of around 400 gigabytes of compressed data. While the complete extent of the compromised information is still under examination, preliminary findings indicate that the breach encompassed:
• Client Data: Files containing sensitive information from significant banking clients, potentially including transaction details and financial records.
• Internal Documents: Confidential materials pertaining to Finastra’s operations and services.
Finastra has stated that the attacker did not employ malware or modify any customer files within their systems. Nevertheless, the unauthorized extraction of this data raises significant concerns regarding client confidentiality and security.
Finastra’s Response To The Data Breach
Finastra has issued a statement indicating that it is “actively and transparently responding to our customers’ inquiries and keeping them informed about what we know and do not yet know regarding the posted data,” adding that “initial evidence suggests that credentials have been compromised.” Regarding the assessment of the breach’s extent, Finastra elaborates on its efforts to identify the customers impacted:
“With respect to eDiscovery, we are currently analyzing the data to ascertain which specific customers have been affected, while also evaluating and communicating which of our products are not reliant on the specific version of the compromised SFTP platform. It is important to note that the affected SFTP platform is not utilized by all customers and is not the default platform for data file exchanges associated with a wide range of our products. Therefore, we are expediting our efforts to identify unaffected customers. However, this process is inherently time-consuming due to the presence of numerous large customers utilizing various Finastra products across different sectors of their operations. We are committed to maintaining accuracy and transparency in our communications.”
For customers who suspect they may have been impacted by this breach, Finastra says it will reach out: “for any customers identified as affected, we will be contacting them and collaborating directly.”
Finastra has outlined several measures taken to address the incident, aiming to mitigate its impact and reassure stakeholders:
1. Implementation of a New File-Sharing Platform: The organization has replaced the compromised file-sharing system with a new, secure platform. This action is deemed crucial for ensuring continuous client services while minimizing the risk of further breaches through the previously vulnerable infrastructure.
2. Timely Client Notification: Finastra reported that it informed affected clients within 24 hours of discovering the breach. This initiative was part of the company’s commitment to transparency, providing initial information and guidance to assist clients in monitoring for any unusual activity.
3. Direct Involvement of the Chief Information Security Officer: The Chief Information Security Officer (CISO) of the company actively engaged with the security teams of clients. Finastra indicated that this strategy was designed to promote effective communication and ensure the dissemination of vital information to help reduce risks related to the breach.
4. Comprehensive Analysis of Compromised Data: The company also revealed that it had commenced a thorough examination of the compromised data. This analysis aimed to identify the clients affected and assess the extent of the breach, thereby informing remediation strategies.