Finastra has confirmed that it has warned users about a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum.
Finastra is a financial software company serving more than 8,000 institutions in 130 countries, including 45 of the world’s top 50 banks and credit unions. The company employs 12,000 people, and last year, it reported $1.7 billion in revenue.
The security incident occurred on November 7, 2024, when an attacker used compromised credentials to access one of Finastra’s Secure File Transfer Platform (SFTP) systems.
The firm says its investigation so far, supported by outside cybersecurity experts, shows no evidence that the breach extended beyond its SFTP platform.
The firm’s software services include lending solutions, payment processing, cloud-enabled retail and banking platforms, and trading risk management tools.
Brian Krebs first reported that Finastra experienced a security breach after seeing a data breach notification sent to a victim yesterday.
The attack is believed to be linked to a recent post on a hacking forum, where a threat actor named “abyss0” claimed to have sold 400GB of stolen data from Finastra.
Asked about the forum post, a Finastra spokesperson would neither confirm nor deny whether the data belonged to them, only telling BleepingComputer that they had experienced a limited-scope security breach and are currently evaluating its impact.
“On November 7, 2024, Finastra’s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) that we use to send files to certain users,” Finastra told BleepingComputer.
“We immediately initiated an investigation with a third-party cyber security firm and, as a precautionary measure, the platform was isolated and contained. The incident was limited to one platform, and there was no lateral movement beyond it.”
The company also clarified that the compromised SFTP platform was not used by all of its customers, nor was it the default platform used by Finastra for file exchange.
However, the exact impact and scope of the breach are still being investigated, and determining who was affected may take some time.
Those deemed affected will be contacted directly, so Finastra is not expected to make public disclosures.
It’s worth noting that the threat actor who posted the data samples earlier this month has since deleted the post, so it’s unknown whether the data was sold to a buyer or whether “abyss0” was unsettled by the sudden publicity.
In March 2020, Finastra suffered another major cybersecurity incident when it was hit by ransomware actors.
At the time, the fintech company was forced to take parts of its IT infrastructure offline in response to the threat, which caused service disruptions.
Although the source of the initial access was unknown, reports from threat monitoring platforms highlighted the firm’s risk management strategy regarding vulnerabilities, noting that it was using older versions of Pulse Secure VPN and Citrix servers.