Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform.
In a statement given to TechCrunch, Finastra spokesperson Sofia Romano confirmed the fintech giant detected what it calls “suspicious activity” related to an “internally hosted Secure File Transfer Platform (SFTP)” on November 7.
News of the breach, reported by cybersecurity journalist Brian Krebs, comes after someone claimed on a known cybercrime forum to be selling stolen files allegedly belonging to Finastra’s largest banking clients. In a since-deleted forum posting, the hacker said they were in possession of 400 gigabytes of data from Finastra, including client files and internal documents.
In an incident disclosure shared with customers, obtained by Krebs, Finastra confirmed data was exfiltrated from its systems. Finastra’s spokesperson, who declined to share a copy of the disclosure with TechCrunch, said the company first communicated the incident to customers on November 8 and has been “keeping them informed about what we do and do not yet know about the data that was posted.”
Finastra declined to name the compromised file-transfer platform, but the data seller claims the stolen data from Finastra’s network was sourced from IBM Aspera, a file-transfer software that allows organizations to move large files and datasets over the internet.
When asked by TechCrunch, Finastra would not say how many customers are affected or what types of data were accessed in the breach.
“We are analyzing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised,” Finastra’s spokesperson Romano said in an emailed statement. “The impacted SFTP platform is not used by all customers… so we are working as quickly as possible to rule out affected customers.”
Finastra added that the company continues to investigate the root cause of the data breach, but said that “initial evidence points to credentials that were compromised.” This suggests the organization was compromised through the theft of someone’s username and password. It’s not yet known if the system was protected with multi-factor authentication, which can prevent some credential theft attacks.