Incident

Fintech Giant Finastra reports data breach



Finastra, a major financial technology firm that serves 45 of the world's top 50 banks, is reporting a data breach affecting its internal file transfer platform.

The company, headquartered in London with offices in 42 countries, processes substantial volumes of digital files containing wire and bank transfer instructions for approximately 8,100 financial institutions globally.

The breach occurred through Finastra's internally hosted file transfer platform, with initial evidence pointing to compromised credentials. The threat actor gained unauthorized access to the system without deploying malware or tampering with customer files. The breach was first detected by Finastra's security team on November 7, 2024, though evidence suggests the intrusion may have occurred earlier, as the threat actor had already attempted to sell the stolen data on October 31, 2024.

Update - The security incident was caused by an attacker using compromised credentials to access one of Finastra's Secure File Transfer Platform (SFTP) systems. The firm says that its investigation so far shows no evidence that the breach extended beyond its SFTP platform.

The threat actor, operating under the pseudonym "abyss0," initially listed the stolen data for sale on BreachForums with an asking price of $20,000, which was later reduced to $10,000. Interestingly, the cybercriminal subsequently vanished from both Telegram and BreachForums, abandoning the well-established cybercrime persona and multiple pending sales opportunities.

The company notified its customers on November 8, 2024, after discovering that a cybercriminal was attempting to sell over 400 gigabytes of allegedly stolen data.

According to Finastra's disclosure, the breach did not directly impact customer operations or systems, and the threat actor did not deploy malware or tamper with customer files. The company claims that only the exfiltrated files were viewed or accessed. The exact number of affected individuals or institutions has not been disclosed.

Update - As of February 12, 2025, Finastra reports that the investigation, conducted with the assistance of third-party cybersecurity experts, revealed that an unauthorized party had access to the company's SFTP system between October 31, 2024, and November 8, 2024. This platform was used by Finastra to provide technical support to its customers.

Exposed data types included:

  • Names
  • Financial account information
  • Additional sensitive information (specific details may vary by individual)

The total number of affected individuals has not been disclosed.
