Channel: When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems | CSO Online
Finastra investigates breach potentially affecting top global banks

Popular financial software and services provider Finastra, whose clientele includes 45 of the world’s top 50 banks, is reportedly warning these institutions of a potential breach affecting one of its internally hosted file transfer platforms.

In an Incident Disclosure letter sent to its customer firms, first obtained and reported by cybersecurity journalist Brian Krebs, Finastra said that it discovered suspicious activity on a secure file transfer platform (SFTP) the company uses to send large files outside of its networks.

“In response, our information Security team began to triage the information and activated incident response protocols,” Finastra added in the disclosure.

A threat actor using the alias “abyss0” claimed responsibility for the breach in a post on BreachForums, attempting to sell the allegedly stolen data.

400 GB of customer data allegedly stolen

The BreachForums post from abyss0, which has since been deleted from the forum, claimed the actor possessed 400GB of customer and internal data. The actor put the entire dataset up for sale, sharing a preview for interested dark web buyers.

The data, abyss0 had said, is from Finastra’s Enterprise Service Bus (ESB) and has been exfiltrated via IBM Aspera, a Fast Adaptive Secure Protocol (FASP) based file transfer solution.

“Not everything just stuff we deemed as important,” abyss0 added. “There is a lot of files and different file format.”

The Fintech vendor powers operations for around 8100 financial institutions in over 130 countries, including solutions for lending and corporate banking, the threat actor added.

The customer data in question may pertain to transactional details and financial records. Internal documents may include Finastra’s operational data, transactional details, and documents related to its services.

Finastra assures no direct impact on business

“On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform,” Finastra added in the disclosure. “There is no direct impact on customer operations, our customers’ systems or Finastra’s ability to serve our customers currently.”

Queries sent to Finastra seeking details of its investigation and whether it has been approached by the threat actor had not elicited a response by the time this article was published.

Finastra assured, in the disclosure, that files downloaded from Aspera are safe. “The threat actor did not deploy malware or tamper with any customer files within the environment. Furthermore, no files other than the exfiltrated files were viewed or accessed.”

The Fintech solutions provider said it is reaching out to potentially affected customers and will notify any organization that is confirmed to have suffered a compromise of files.

The company said a preliminary investigation revealed “credentials compromise” as the source of the breach. Nothing else was said about whether the credentials were accessed through a primary theft, an insider event or phishing. “We believe that this incident was limited to the system in question and there is no further evidence at this time to suggest any lateral movement beyond it.”
