Fintech For 45 Of 50 Top Banks Confirms Data Breach
Finastra, a global leader in financial technology that serves 45 of the world’s top 50 banks, has confirmed a major data breach impacting its internal file transfer system. The London-based firm, which facilitates vital banking and wire transfers for over 8,100 financial institutions worldwide, detected the breach on Nov. 7.
The breach targeted Finastra’s internally hosted Secure File Transfer Platform, or SFTP, which was accessed using stolen credentials: essentially, a username and password. The attacker claims to have leveraged IBM Aspera, a high-speed file transfer tool, to exfiltrate data from Finastra’s systems.
The cybercriminal, known by the alias “abyss0,” first advertised the stolen data for sale on BreachForums, a notorious online marketplace for cybercrime, on October 31. Initially priced at $20,000, the data’s asking price was later halved to $10,000. After gaining attention, “abyss0” disappeared, erasing their presence on both BreachForums and Telegram. This sudden retreat suggests they either secured a buyer or sought to avoid further scrutiny.
Scope of the Compromised Data
The data breach at Finastra resulted in the theft of approximately 400 gigabytes of compressed information. Although the full scope of the compromised data is still being investigated, early findings suggest that the breach included:
- Client Data: Files containing sensitive information from major banking clients, which may include transaction details and financial records.
- Internal Documents: Confidential materials related to Finastra’s operations and services.
Finastra has clarified that the attacker did not use malware or alter any customer files within their systems. However, the unauthorized extraction of this data still raises concerns about client confidentiality and security.
Finastra’s Response To The Data Breach
In a statement provided to me, Finastra said it has been “actively and transparently responding to our customers’ questions and keeping them informed about what we do and do not yet know about the data that was posted,” and that “initial evidence points to credentials that were compromised.” As to determining the scope of the breach, Finastra explains that they are working to determine which customers were affected:
“In terms of eDiscovery, we are analyzing the data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers and is not the default platform used by Finastra or its customers to exchange data files associated with a broad suite of our products, so we are working as quickly as possible to rule out affected customers. However, as you can imagine, this is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications.”
If you believe you may have been impacted by this breach, Finastra should be contacting you: “for any customers who are deemed to be affected, we will be reaching out and working with them directly.”
According to their statement, Finastra has done the following to address the incident in an effort to minimize its impact and reassure stakeholders:
- New File-Sharing Platform: The company replaced the compromised file-sharing system with an alternative, reportedly secure platform. This measure was described as essential for maintaining uninterrupted client services while reducing the likelihood of additional breaches through the previously affected infrastructure.
- Notification Within 24 Hours: Finastra stated that it notified impacted clients within 24 hours of detecting the breach. The company claimed this step was part of its effort to maintain transparency, providing preliminary details and recommendations to help clients monitor for any potential suspicious activity.
- Direct Engagement by the Chief Information Security Officer: The company’s Chief Information Security Officer, or CISO, took an active role in coordinating with clients’ security teams. According to Finastra, this approach was intended to facilitate effective communication and ensure that critical information was shared to help mitigate risks associated with the breach.
- Analysis of Compromised Data: Finastra also disclosed that it had initiated a detailed review of the stolen data. The purpose of this analysis, according to the company, was to identify affected clients, determine the extent of the compromise, and guide remediation efforts.