Finastra, a major financial software provider that serves many of the world’s leading banks, is grappling with a data breach.
The company confirmed the incident to TechCrunch following a hacker’s claim of compromising Finastra’s internal file-transfer platform and subsequent attempts to sell the stolen data.
Cybersecurity journalist Brian Krebs first brought the breach to public attention when a hacker, on a known cybercrime forum, offered 400 gigabytes of data allegedly plundered from Finastra.
This trove of information reportedly included sensitive client files and internal Finastra documents.
While Finastra confirmed to Krebs that data was indeed exfiltrated from its systems in an incident disclosure shared with customers, the company declined to provide TechCrunch with a copy of this disclosure.
Finastra spokesperson Sofia Romano revealed that the company first detected “suspicious activity” on 7 November, specifically within an “internally hosted Secure File Transfer Platform (SFTP).”
The hacker selling the data alleges it originated from IBM Aspera, a widely used file-transfer software. However, Finastra has not corroborated this claim.
Currently, Finastra is unable to disclose the number of affected customers or the precise nature of the compromised data.
“We are analysing affected data to determine what specific customers were affected,” Romano stated, adding that the compromised SFTP platform is not utilised by all Finastra customers.
In parallel, Finastra is “assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised,” ensuring continued service for unaffected clients.
Initial findings indicate the breach may have resulted from compromised user credentials, suggesting the theft of usernames and passwords.
Whether multi-factor authentication was implemented on the compromised system remains unclear.
Finastra’s investigation into the root cause of the breach is ongoing.