SFTP hack forced Finastra to investigate a data breach

November 22, 2024

Financial technology company Finastra released an advisory warning its customers about a cybersecurity issue that resulted in its stored data being offered for sale.

Purportedly stolen data that threat actors are selling on a hacking forum has forced the company to investigate a data breach incident. The affected entity is a financial software firm that serves numerous institutions in nearly 130 countries.

Based on reports, the security breach occurred on November 7, 2024, when an attacker used compromised credentials to access one of the company’s Secure File Transfer Platform (SFTP) servers.

However, the company claims that its investigation has shown no evidence that the incident extended beyond its SFTP servers. The company’s software offerings include lending solutions, payment processing, cloud-based retail and banking platforms, and trading risk management tools.

The Finastra cyberattack is claimed by a threat actor named ‘abyss0.’

Investigations linked the Finastra cyberattack to a recent post on a dark web forum in which a threat actor dubbed “abyss0” claimed to be selling 400GB of stolen data.

As of now, the company has yet to confirm or deny that the data offered on the dark web belongs to it. Still, a company representative revealed that the company had suffered a limited-scope security breach and was currently assessing the impact.

Furthermore, the company explained that its Security Operations Center (SOC) identified unusual activity on November 7, 2024, involving an internally hosted Secure File Transfer Platform (SFTP) that the company utilises to transmit files to certain customers.

As a precaution, the company claimed that it quickly initiated an inquiry with a third-party provider and isolated and restricted the platform to prevent suspicious activity from reaching more parts of its servers.

The company also clarified that not all its customers used the compromised SFTP platform, which was not Finastra’s default platform for file exchange. However, the exact impact and scope of the breach are still undetermined.

The threat actor who published the data samples earlier this month has since deleted the post, so it is unclear whether abyss0 has already sold the data or became concerned about the magnitude of its activity.
