Finastra discloses large-scale data breach


Finastra is investigating a large-scale data theft that allegedly compromised 400GB of its internal documents. The data has since been circulated on a hacker forum.

The London-based fintech company Finastra has notified its customers of a data breach that resulted in 400GB of private client and company data being allegedly sold on a cybercriminal forum.

The breach was first revealed by cybersecurity journalist Brian Krebs, who obtained a copy of the company’s security incident disclosure on November 8th, 2024.

Finastra provides services to around 8,100 financial institutions globally, including the majority of the world’s top 50 banks.

Finastra’s daily operations largely involve handling digital files with wire and bank transfer instructions for its clients. Last year, the company reported $1.9 billion in revenue.

Impact on customer operations

According to the breach notice, on November 7th, the company’s security team detected suspicious activity on Finastra’s “internally hosted file transfer platform.” Secure File Transfer Protocol (SFTP) is widely used by organizations to securely transfer large files and datasets over the internet.

“On November 8th, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform,” Finastra states in the disclosure. The company claimed that there is “no direct impact” on customer operations and customers’ systems.

“The threat actor did not deploy malware or tamper with any customer files within the environment,” the company’s notice reads.

“Furthermore, no files other than the exfiltrated files were viewed or accessed.”

In a statement to Krebs, Finastra explained that the affected SFTP is not used by all customers and is not the default platform for exchanging data files related to its wide range of products.

Data sold on cybercriminal forum

Screenshots gathered by the cyber intelligence platform Ke-la.com reveal that attackers initially attempted to sell the data, which was allegedly stolen from Finastra, on October 31st.

The data was initially for sale on the hacker forum for $20,000. By November 3rd, the price had dropped to $10,000. The original listing did not mention the victim company by name; the new post on November 8th did.

According to Krebs, the forum posts indicate that the threat actor might have gained access to Finastra's file-sharing system at least a week before the company says it first detected suspicious activity.