Finastra confirms massive data breach

Finastra, a global leader in financial technology, recently confirmed a massive data breach. 

What happened

Finastra, a London-based company providing software and services to roughly 45 of the top 50 banks in the world, recently said they were the victim of a cyber attack. 

The company began notifying impacted individuals in mid-November, and recently began an official investigation into the incident. According to Security Week, the breach was spotted when the company found “suspicious activity on an internal file-transfer application used to exchange data with certain customers.” 

Finastra said the situation was not as bad as it could have been, “This was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra’s customer operations or systems.” Operations will be continuing as normal while Finastra completes the investigation. 

Going deeper

The incident first came to light when investigative journalist Brian Krebs reported it after discovering a malicious actor had announced the crime. The actor was using the moniker “abyss0” and announced that they were selling 400 gigabytes of data stolen in the attack. 

Abyss0’s post has led investigators to believe that they compromised Finastra’s file-transfer platform in late October and attempted to sell the data two separate times. Since the initial report came out, the hacker’s account and sales thread have disappeared. Security Week believes this may suggest that the hackers either found a buyer or became scared of law enforcement. 

Why it matters

According to a comment from cyber risk management provider, Bitsight, “Global financial institutions are highly dependent on Finastra. More than 20% of all credit unions, around 50% of accounting firms, and nearly 50% of investment banking firms use Finastra. In total, more than 10% of all financial institutions globally use Finastra technology.” 

With customer’s personal and financial information potentially available to criminals, the breach could lead to fraud or identity theft. While it’s still unclear what exact information was stolen or how many people were impacted, the event will likely force Finastra to reconsider their current cybersecurity policies. It’s likely the company will have to defend themselves against class action lawsuits in the coming months. 

The big picture

Every data breach, no matter how big or small, can have lasting ramifications on companies and customers. 

With breaches becoming more and more common, individuals could find themselves the victim of multiple data breaches, heightening the risk of identity theft or fraud. Every breach counts, and no organization is too big or small to be victimized. Prioritizing security is the best way to show customers or patients that your organization cares about their data. 

Related: HIPAA Compliant Email: The Definitive Guide.