Finastra Probes Data Breach Involving Secure File Transfer Platform

The global fintech leader is investigating a breach that exposed 400GB of data, allegedly stolen using compromised credentials.

Finastra, a London-based fintech company serving 45 of the world’s top 50 banks, detected suspicious activity on its Secure File Transfer Platform (SFTP) on November 7, 2024.
The breach involved stolen credentials and reportedly led to the exfiltration of 400GB of data, including client files and internal documents, according to a hacker's claim on a cybercrime forum.
The attacker, known as 'abyss0,' initially listed the stolen data for sale online but later deleted the post, raising questions about whether the data was sold or removed due to publicity.
Finastra has isolated the compromised platform, which is not used by all customers, and is working with cybersecurity experts to assess the breach's scope and notify affected clients directly.
The company has replaced the impacted file-sharing system and is conducting a detailed analysis to identify affected customers while ensuring transparency in its communications.