Hacker May Have Stolen 400GB From Major Financial Software Provider

A hacker may have stolen as much as 400GB from Finastra, a financial software provider that serves 90 of the top 100 banks. 

UK-based Finastra confirmed the breach today, saying it had detected suspicious activity on “an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers.”

“We immediately launched an investigation alongside of a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform,” the company said in an email. “This incident was limited to the one platform and there was no lateral movement beyond it.”

The breach first came to light earlier this month after someone posted on hacking site BreachForums about stealing data from Finastra, according to cybersecurity journalist Brian Krebs. The hacker, who went by the name “abyss0,” claimed to have stolen 400GB of data from the company and put it up for sale before mysteriously deleting the original post and closing their account. Abyss0 also tried to sell the data last month, initially for $20,000 and then $10,000, but didn’t disclose the victim company at the time.

Finastra, which serves over 9,000 enterprise customers, says it first detected the hack on Nov. 7, which prompted the company to issue an alert to its users. “We are continuing to investigate root cause, but initial evidence points to credentials that were compromised. The source of the compromise is a priority aspect of the investigation,” Finastra added. 

For now, it’s unclear which customers are affected. But Finastra says the Secure File Transfer Platform wasn’t used by all customers, nor was it the company’s default file transfer method. 

“So we are working as quickly as possible to rule out affected customers,” Finastra said. “This is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications.”