UK fintech Finastra investigating data breach impacting internal SFTP platform
Finastra, a UK-based financial software provider, is investigating a data breach impacting an internally hosted file transfer platform.
In a statement sent to FinTech Futures, Finastra says: “On November 7, 2024, Finastra’s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers.
“We immediately launched an investigation alongside of a third-party cybersecurity firm and, as a precautionary step, isolated and contained the platform.”
The company adds that the incident was “limited to the one platform and there was no lateral movement beyond it”. It further clarifies that the “impacted SFTP platform is not used by all customers and is not the default platform used by Finastra or its customers to exchange data files associated with a broad suite of our products”.
“Importantly, this was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra’s customer operations or systems,” the company says.
As initially reported by Brian Krebs via KrebsOnSecurity, the fintech informed customers that on 8 November, “a threat actor communicated on the dark web claiming to have data exfiltrated from this platform”.
In its statement to FinTech Futures, Finastra says: “We first communicated this incident to customers on November 8th and remain in direct contact with them, as well as with our employees and our regulators about this matter.
“Importantly, we have been sharing new information with all of our stakeholders as it becomes available. The Finastra team has been actively and transparently responding to our customers’ questions and keeping them informed about what we do and do not yet know about the data that was posted.”
“We are continuing to investigate root cause, but initial evidence points to credentials that were compromised,” adds Finastra. “We are analysing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised.”
Founded in 2017, Finastra provides an array of payments and banking solutions to over 8,100 financial institutions across 130 countries, with its technology supporting 45 of the world’s top 50 banks, such as JP Morgan, Morgan Stanley, and Bank of America.
The company’s statement concludes by saying that “for any customers who are deemed to be affected, we will be reaching out and working with them directly”.