Finastra, a London-based financial software company that serves many of the world’s biggest banks, has confirmed it is investigating a data breach after a hacker claimed to have compromised the company’s internal file transfer platform.
In a statement given to TechCrunch, Finastra spokesperson Sofia Romano confirmed that the fintech giant had detected what it called “suspicious activity” related to a “secure file transfer platform (SFTP) hosted internally” on November 7.
News of the breach, first reported by cybersecurity journalist Brian Krebs, comes after someone claimed on a popular cybercrime forum to be selling stolen files allegedly belonging to Finastra’s largest banking clients. In a since-deleted forum post, the hacker said he was in possession of 400 gigabytes of Finastra data, including customer files and internal documents.
In an incident disclosure shared with customers, obtained by Krebs, Finastra confirmed that data had been exfiltrated from its systems. The Finastra spokesperson, who declined to share a copy of the disclosure with TechCrunch, said the company first communicated the incident to customers on Nov. 8 and was “keeping them informed of what we are doing and are not yet aware of the published data.”
Finastra declined to name the compromised file transfer platform, but the person selling the data says the data stolen from Finastra’s network came from IBM Aspera, file transfer software that allows organizations to move files and large datasets over the internet.
Asked by TechCrunch, Finastra did not specify how many customers are affected or what types of data were accessed during the breach.
“We are analyzing the affected data to determine which specific customers have been affected, while simultaneously evaluating and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised,” the Finastra spokesperson, Romano, said in a press release sent by email. “The affected SFTP platform is not used by all customers…so we are working as quickly as possible to exclude affected customers.”
Finastra added that the company continues to investigate the root cause of the data breach, but said “initial evidence indicates that credentials were compromised.” This suggests that the organization was compromised by the theft of a person’s username and password. It is not yet clear whether the system was protected by multi-factor authentication, which can prevent some credential theft attacks.