- A threat actor is offering a large database for sale, claims it came from Finastra
- The finance giant sends out data breach notification letter to affected customers, claiming its secure file transfer service was compromised
- The attacker used stolen credentials to pull off the heist
Fintech software firm Finastra is warning its customers that it may have lost some of their data in a recent breach.
Security researcher Brian Krebs obtained a copy of the letter sent to affected individuals, which says the breach was not the result of an exploited vulnerability, but rather the result of stolen credentials.
“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. “Furthermore, no files other than the exfiltrated files were viewed or accessed.”
400GB – zipped
The company told BleepingComputer the attack originated on its Secure File Transfer Platform (SFTP): “On November 7, 2024 Finastra’s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers.”
“We immediately launched an investigation alongside of a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform. This incident was limited to the one platform and there was no lateral movement beyond it.”
The same source also claims the platform was not the company’s default one, and was not used by all customers, suggesting that not everyone’s data was compromised.
At the same time, a threat actor with the alias ‘abyss0’ offered a large archive for sale, claiming it originated from Finastra.
“Today we list for sale Finastra.com data breach, dated 2024 Nov,” the notice reads. “In total, 400GB~ zipped.”
“This data is from their ESB and exfil via IBM Aspera, not everything just stuff we deemed as important. There is a lot of files and different file format.”
Finastra is a financial software company with more than 8,000 institutions as customers. Its clients include most of the world’s top banks and credit unions, and it counts tens of thousands of employees.
Via BleepingComputer