400 GB of Bank Data Stolen: What We Know About the Finastra Breach

Finastra, a major financial technology provider serving some of the largest banks globally, is investigating an alleged data breach involving its internal file transfer platform. The incident, first reported on November 7, 2024, involves a cybercriminal claiming to have exfiltrated over 400 gigabytes of sensitive customer data, which has since been put up for sale on a dark web forum.


Scope of the Breach

The company detected unusual activity in its secure file transfer protocol (SFTP) platform and promptly notified its customers. While Finastra has stated that the breach did not impact customer operations or involve malware deployment, the intruder reportedly accessed and extracted sensitive data. Screenshots posted on the dark web show directory listings of files associated with major banking clients, raising concerns about the potential exposure of financial transaction data.


Investigation and Response

Finastra confirmed that the incident stemmed from compromised credentials and has been working closely with affected clients to understand the breach’s impact. The company has since replaced the compromised platform with an alternative secure file-sharing system and has been sharing Indicators of Compromise (IOCs) with customers’ security teams.

Finastra’s CISO is actively engaging with client security teams to provide updates on the eDiscovery process, which aims to identify affected customers and assess the full scope of the breach. Not all customers use the affected platform, and Finastra is prioritizing accuracy and transparency as it communicates findings.


Potential 400 GB of Stolen Data

The alleged attacker, using the alias “abyss0,” began selling the stolen data on the BreachForums platform. Initial sales attempts date back to October 31, with more explicit mentions of Finastra and its clients surfacing in early November. Interested buyers have been directed to communicate via Telegram, though details about the exact nature of the stolen data remain unclear.

The October 31st post from user abyss0, image via ke-la.com

Brian Krebs reported that the threat actor “abyss0” initially listed the stolen Finastra data for $20,000 in late October, later dropping the price to $10,000 by early November. An active cybercriminal, they had previously advertised databases from dozens of other breaches over the past six months. The timeline of this breach indicates that the attacker may have accessed Finastra’s systems well before the suspicious activity detected by the company on November 7.

abyss0 has since vanished. Their Telegram account was suspended or deleted, and their BreachForums profile, along with all related sales threads, disappeared shortly afterward.


Moving Forward

Finastra could face legal challenges from clients whose data was compromised in the breach. Financial institutions impacted by this incident may seek damages for any regulatory fines, reputational harm, or operational disruptions they experience as a result. Additionally, class-action lawsuits from end customers of affected banks could emerge if personal financial data is confirmed to have been part of the stolen information.

Restoring trust will be a critical priority for Finastra moving forward. While the company has taken steps to address the immediate aftermath, including replacing the compromised platform and communicating proactively with clients, it must go further to reassure its customers.


How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact

