Global financial technology leader Finastra has confirmed a major data breach affecting its internal file transfer system. The London-based company, which provides software services to 45 of the world's top 50 banks, detected unauthorized access to its systems on November 7, 2024.
According to company statements, an attacker gained entry to Finastra's internally hosted system using compromised login credentials. The cybercriminal claims to have stolen over 400 gigabytes of data, including client files and internal company documents.
The stolen information was briefly listed for sale on underground cybercrime forums, with an initial asking price of $20,000 that was later reduced to $10,000. The seller, operating under the alias "abyss0," has since disappeared from these platforms.
Finastra has moved swiftly to address the incident. The company notified affected customers within 24 hours of detecting the breach and has implemented a new secure file-sharing platform to maintain business continuity. Their Chief Information Security Officer is actively engaging with client security teams to share updates and technical details about the compromise.
"There is no direct impact on customer operations, our customers' systems, or Finastra's ability to serve our customers currently," the company stated in its disclosure notice. While the attacker accessed and copied files, Finastra emphasized that no malware was deployed and no customer data was tampered with.
The full scope of affected customers remains under investigation. Finastra noted that not all clients use the compromised file transfer platform, and they are working to identify which specific customers and data were impacted.
Finastra, which reported $1.9 billion in revenue last year, serves approximately 8,100 financial institutions globally and processes large volumes of wire and bank transfer instructions. The company maintains offices in 42 countries and employs over 7,000 people.
As the investigation continues, Finastra has committed to maintaining transparency with its clients and will directly contact any customers found to be affected by the data breach.