London-based financial software company Finastra, which serves most of the world's top banks, says it is investigating a data breach after hackers claimed to have compromised its internal file transfer platform. I admitted it.
In a statement given to TechCrunch, Finastra spokesperson Sofia Romano said the fintech giant announced on Nov. It admitted that it had detected “suspicious activity.”
News of the breach was first reported by cybersecurity journalist Brian Krebs, but someone sold stolen files purportedly belonging to Finastra's largest banking customers on a known cybercrime forum. It was announced after claiming that In a forum post that has since been deleted, the hackers said they were in possession of 400 gigabytes of data from Finastra, including client files and internal documents.
In an incident disclosure shared with customers obtained by Krebs, Finastra confirmed that data had been leaked from its systems. A Finastra spokesperson declined to share a copy of the disclosure with TechCrunch, but the company first informed customers of the incident on Nov. 8, saying, “We're constantly letting our customers know what they don't already know about their data.” ”
Although Finastra did not reveal the name of the compromised file transfer platform, the data seller said data stolen from Finastra's network was used to enable organizations to move large files and datasets across the internet. It claims to be sourced from IBM Aspera, a file transfer software that
In response to questions from TechCrunch, Finastra did not say how many customers were affected or what type of data was accessed in the breach.
“We will analyze the affected data to determine which specific customers were affected, as well as assess which of our products are not dependent on the specific version of the compromised SFTP platform. “Finastra spokesperson Romano said in an emailed statement. “The affected SFTP platforms are not used by all customers, so we are working as quickly as possible to exclude affected customers.”
Finastra added that the company continues to investigate the root cause of the data breach, but “initial evidence indicates that credentials were compromised.” This suggests that your organization has been compromised by stealing someone's username and password. It is still unclear whether the system is secured with multi-factor authentication. Multi-factor authentication can prevent some credential theft attacks.