Finastra Data Breach: Fintech Giant Confirms Data Exfiltration, Some Customers May Be Impacted

Nov 28, 2024

Leading fintech services provider Finastra has confirmed that 400 GB of stolen data offered for sale on BreachForums is connected to a real data breach, though it is still not certain how much of what the hacker is offering is legitimate or exactly what it consists of.

Finastra boasts thousands of customers around the world, and counts 45 of the 50 biggest banks among them. Some of those will now be receiving data breach notifications, though the attack on the fintech platform reportedly impacted only a particular server used by a limited number of clients. Exactly who was impacted and to what extent remains a mystery, as does the method by which the hacker gained access.

Fintech company alerts some of its customers of potential data access

The only clue to the origin of the data breach is a Finastra statement that claims it “likely” began with stolen credentials. The company says the intrusion is still under investigation and that it does not have a final word on the root cause just yet.

The company has had security woes before. In 2020 the fintech platform was taken offline for a few days as it recovered from a ransomware attack. That incident’s origins were also kept clouded in mystery, but some security researchers noted that vulnerable Citrix devices or a Pulse Secure VPN might have been to blame. In the present case, the hacker mentioned exploiting IBM Aspera file transfer software as part of the attack, though it remains unclear whether any of the recently disclosed and patched vulnerabilities in that software were involved.

The first indication of the data breach appeared when the hacker, going by “abyss0,” offered the stolen information for sale on BreachForums near the end of October. That initial listing (at a $20,000 price tag) was discounted by 50% in a second post a week into November, at which time the fintech platform appeared to become aware of the attack independently. The hacker claimed to have access to 10 TB of data in the second post, suggesting they may have tripped an alarm when returning to steal more information.

Data breach details still unclear

It’s unclear if the data was ever sold, but something certainly spooked the hacker since then as they have wiped out their entire BreachForums and Telegram presence. This may be due to the size and prominence of Finastra, and its integration as a fintech firm into banking critical infrastructure. Hackers that have gone after targets of this caliber have often found international law enforcement quickly shining a spotlight on them in response.

Finastra says that it is still investigating the “scope and nature” of the data breach. What is clearer is the nature of the company’s internal information that was stolen, which the hacker described in their BreachForums postings: employee credentials, backup files and source code. What is less clear is how the firm’s clients are impacted. The company says that only one secure file transfer (SFTP) platform, limited to use by certain clients, was penetrated by the hacker; clients that are impacted are being contacted privately. There is still no good public information on what those clients might have lost.
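The article notes that the intrusion centred on a single SFTP platform and that the hacker may have tripped an alarm when coming back for a much larger haul. The script below is an added example, not code from the article or from Finastra, of the kind of volume-and-scope check a defender can run over SFTP server logs to catch that pattern: it aggregates bytes read per account, compares the total against a per-account baseline, and flags any account that pulls files from more than one client's directory. The log lines are constructed in the style of OpenSSH's sftp-server INFO logging (host name, account names, addresses and sizes are all invented), the `/data/<client>/...` layout and the baseline figures are assumptions, and the five-times-baseline threshold is a placeholder a real deployment would tune.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of OpenSSH sftp-server INFO logging.
# Host "sftp01", the accounts, addresses and byte counts are invented for this example.
SAMPLE_LOG = """\
Nov 07 01:12:03 sftp01 internal-sftp[4121]: session opened for local user clientA from [198.51.100.7]
Nov 07 01:12:09 sftp01 internal-sftp[4121]: close "/data/clientA/statement_2024-11.csv" bytes read 2048000 written 0
Nov 07 01:13:40 sftp01 internal-sftp[4121]: close "/data/clientA/batch_0017.zip" bytes read 5120000 written 0
Nov 07 03:02:11 sftp01 internal-sftp[4188]: session opened for local user clientB from [203.0.113.44]
Nov 07 03:02:15 sftp01 internal-sftp[4188]: close "/data/clientB/report.pdf" bytes read 900000 written 0
Nov 07 03:40:02 sftp01 internal-sftp[4201]: session opened for local user svc_backup from [203.0.113.99]
Nov 07 03:40:30 sftp01 internal-sftp[4201]: close "/data/clientA/archive_2023.tar" bytes read 7500000000 written 0
Nov 07 03:41:10 sftp01 internal-sftp[4201]: close "/data/clientB/archive_2023.tar" bytes read 6200000000 written 0
Nov 07 03:42:55 sftp01 internal-sftp[4201]: close "/data/clientC/archive_2023.tar" bytes read 4100000000 written 0
"""

# Constructed baseline of typical daily bytes read per account. In practice this
# would be learned from historical logs rather than hard-coded.
BASELINE_BYTES_PER_DAY = {
    "clientA": 10_000_000,
    "clientB": 5_000_000,
    "svc_backup": 2_000_000_000,
}

# "session opened" ties a process id to an account and source address.
SESSION_RE = re.compile(
    r"internal-sftp\[(?P<pid>\d+)\]: session opened for local user (?P<user>\S+) from \[(?P<ip>[^\]]+)\]"
)
# "close" reports how many bytes were read from (downloaded) or written to a file.
CLOSE_RE = re.compile(
    r'internal-sftp\[(?P<pid>\d+)\]: close "(?P<path>[^"]+)" bytes read (?P<read>\d+) written \d+'
)


def client_dir(path):
    """Assumes the layout /data/<client>/...; returns the client directory name or None."""
    parts = path.split("/")
    return parts[2] if len(parts) > 2 and parts[1] == "data" else None


def analyze_sftp_log(log_text, baselines, volume_multiplier=5):
    """Aggregate download volume and client scope per account and attach alerts."""
    pid_to_user = {}
    report = defaultdict(lambda: {"bytes_read": 0, "clients": set(), "ips": set(), "alerts": []})

    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            pid_to_user[m["pid"]] = m["user"]
            report[m["user"]]["ips"].add(m["ip"])
            continue
        m = CLOSE_RE.search(line)
        if m:
            # Attribute the transfer to whichever account opened this session.
            user = pid_to_user.get(m["pid"], "unknown")
            entry = report[user]
            entry["bytes_read"] += int(m["read"])
            client = client_dir(m["path"])
            if client:
                entry["clients"].add(client)

    for user, entry in report.items():
        base = baselines.get(user)
        if base is None:
            entry["alerts"].append("no baseline for account; review manually")
        elif entry["bytes_read"] > volume_multiplier * base:
            entry["alerts"].append(
                f"download volume {entry['bytes_read']} exceeds {volume_multiplier}x baseline {base}"
            )
        # A per-client account should only ever touch its own directory.
        if len(entry["clients"]) > 1:
            entry["alerts"].append(
                "account read files from multiple client directories: " + ", ".join(sorted(entry["clients"]))
            )
    return dict(report)


def flagged_accounts(report):
    """Accounts with at least one alert, sorted by bytes read (largest first)."""
    return sorted(
        (u for u, e in report.items() if e["alerts"]),
        key=lambda u: report[u]["bytes_read"],
        reverse=True,
    )


if __name__ == "__main__":
    result = analyze_sftp_log(SAMPLE_LOG, BASELINE_BYTES_PER_DAY)
    for user in flagged_accounts(result):
        print(user, result[user]["bytes_read"], sorted(result[user]["ips"]))
        for alert in result[user]["alerts"]:
            print("   -", alert)
```

On the constructed log, the two client accounts stay within their own directories and baselines, while the `svc_backup` account trips both rules in a single session: roughly 17.8 GB read against a 2 GB/day baseline, spread across three different clients' directories. Either signal on its own is worth a page; together they are the shape of a bulk exfiltration rather than a routine job, and the source address on the session line is the first pivot for the investigation.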
