Finastra, a global financial technology provider, is investigating a security breach involving its Secure File Transfer Platform (SFTP). The incident, detected on 7 November 2024, has raised concerns about potential data exfiltration by an unauthorised threat actor.

The breach was first publicly reported by cybersecurity journalist Brian Krebs, who noted that a data breach notification had been sent to an impacted individual. Shortly after, a post on a hacking forum by a threat actor using the alias “abyss0” claimed responsibility for the attack. The actor alleged that 400GB of data had been stolen from Finastra, sharing samples of the purported data to substantiate the claim. These samples were subsequently removed, leaving questions about whether the data was sold or withdrawn due to increased scrutiny.

Finastra isolates affected platform and reassures customers

Finastra responded by isolating the affected SFTP platform and initiating an internal investigation, supported by third-party cybersecurity experts. According to the company, the platform is used selectively for file-sharing purposes and is not the default system for transferring files. Other platforms, including Aspera, remain secure and unaffected by the incident.

In a statement provided to BleepingComputer, a Finastra spokesperson described the breach as a “limited-scope security incident.” “On 7 November 2024, the firm’s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers,” the company explained. “We immediately launched an investigation alongside a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform. This incident was limited to the one platform, and there was no lateral movement beyond it.”

Finastra clarified that, based on initial findings, there is no evidence of malware deployment or tampering with customer files outside of those potentially exfiltrated. The company stated that credentials used to access the system appeared to be compromised, making the source of the breach a priority in the investigation.

The company emphasised that the affected system remains isolated while the investigation continues. It reiterated that there is no indication of lateral movement beyond the impacted platform. Additionally, Finastra is sharing Indicators of Compromise (IOCs) with its customers to assist in bolstering security measures across related systems.

Customers potentially impacted by the breach are being identified, and the company has confirmed it will notify them directly as findings are finalised. Finastra is also evaluating the scope of the data exfiltrated and whether it includes files related to any specific organisation.

The company reassured stakeholders that the breach has not affected its ability to provide services or maintain operations. An alternative secure file-sharing platform has been implemented to ensure continuity while the investigation proceeds. “There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” Finastra stated.

This breach follows a ransomware attack that targeted the fintech company in 2020, forcing parts of the company’s IT infrastructure offline and disrupting operations. At the time, cybersecurity experts raised concerns about outdated Pulse Secure VPN and Citrix systems in use at the company. While the current breach appears unrelated, it underscores the persistent challenges fintech providers face in maintaining robust cybersecurity defences.

Based in London, Finastra serves more than 8,000 financial institutions worldwide, including 45 of the world’s top 50 banks. The company’s services range from payment processing to lending platforms and risk management solutions. Despite the ongoing investigation.

Last month, Fidelity Investments, another firm operating in the financial services sector, reported falling victim to a data breach. In a filing with the Office of the Maine Attorney General, the US-based asset manager disclosed that the incident, which occurred in August, compromised the personal information of over 77,000 customers. Fidelity Investments further stated that it had engaged external security experts to investigate the breach and identify its cause.
