Fintech giant Finastra says hacker stole data from its internal network

London-based fintech giant Finastra said it experienced a data security incident after a threat actor claimed that they stole sensitive information from its internal network.

 

Headquartered in London, Finastra is one of the world’s largest financial technology firms, providing software and services to world’s top banks and financial institutions. Founded in 2017 through a merger of financial operations software Misys and payment technology provider D+H, the company boasts an annual revenue of close to $2 billion.

 

In a data security incident notice, Finastra said that on November 7, it identified suspicious activity on an internally hosted file transfer platform. The company immediately launched an investigation, with assistance from Sygnia, an external cyber security expert firm, to determine the nature and scope of the incident.

 

 

“Files downloaded from Aspera are safe. The threat actor did not deploy malware or tamper with any customer files within the environment,” Finastra said. “Furthermore, no files other than the exfiltrated files were viewed or accessed. We remain focused on determining the scope and nature of the data contained within the exfiltrated files.”

 

Finastra added that the affected system remains isolated till the company completes its investigation. Also, as of now there is no evidence that the security incident was limited to the file transfer application and did not move to any other systems.

 

While the investigation is still ongoing, Finastra said preliminary investigation indicates credentials were compromised. The priority of the investigation is to not only identify the source of the compromise but also to identify those whose data was accessed during the incident. The fintech giant has promised to notify clients if it finds that their files were accessed.

 

On November 8, a threat actor using the moniker “abyss0” claimed responsibility for the data security incident and listed Finastra as a victim on BreachForums. The hacker claimed to be in possession of 400GB of compressed data, including client files and internal documents. “abyss0” has offered to sell the stolen data to anyone who meets its asked price.