Finastra, a London-based financial software provider for top global banks, is investigating a potential data breach after a hacker claimed to have compromised its internal file-transfer system.
In a statement to TechCrunch, Finastra spokesperson Sofia Romano confirmed that the fintech giant found “suspicious activity” on November 7 involving an “internally hosted Secure File Transfer Platform (SFTP).”
Cybersecurity writer Brian Krebs broke the news of the incident after a rumor surfaced on a well-known cybercrime site that someone was selling stolen files purportedly belonging to Finastra’s biggest banking customers. In a since-deleted forum post, the hacker claimed to have 400 gigabytes of Finastra data, including internal documents and client files.
Krebs was able to obtain a customer-shared incident disclosure from Finastra, which acknowledged the theft of data from its systems. Finastra first informed customers about the issue on November 8 and has been “keeping them informed about what we do and do not yet know about the data that was posted,” according to a spokesman who declined to provide TechCrunch with a copy of the disclosure.
The data seller asserts that IBM Aspera, a file-transfer program that enables businesses to move big files and data sets over the internet, is the source of the stolen data from Finastra’s network, while Finastra declined to identify the hacked file-transfer platform.
When TechCrunch contacted Finastra, the company declined to comment on the number of impacted clients or the types of data accessed during the hack.
In an emailed statement, Finastra spokesperson Romano stated, “We are evaluating and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised, while also analyzing affected data to determine which specific customers were affected.” Romano added, “We are working as fast as we can to rule out affected customers, as not all customers use the impacted SFTP platform.”
Finastra stated that the company is still investigating the underlying cause of the data breach, although the initial evidence points to compromised credentials. This suggests that the organization was breached through the theft of someone’s username and password. It is not yet known whether the system used multi-factor authentication, which can stop an attacker who holds only a stolen username and password from logging in.