Finastra, a global fintech giant whose clients include JPMorgan Chase, HSBC, and Bank of America, is investigating a cybersecurity incident involving unauthorized access to its Secure File Transfer Platform (SFTP).
On November 7, 2024, the company’s internal security team detected suspicious activity linked to compromised credentials, prompting an immediate response to contain the breach. Days later, a hacker using the alias “abyss0” claimed on a cybercrime forum to be selling 400GB of stolen Finastra data, further escalating concerns.
While the company insists the breach was limited to a single, internally hosted SFTP system not widely used by all customers, the high-profile nature of its clientele and the volume of claimed stolen data have drawn serious attention from regulators, legal experts, and cybersecurity professionals.
Why It Matters: Given Finastra’s central role in the infrastructure of global banking, any compromise of its systems could have wide-ranging implications. Even a contained breach can erode trust among clients, regulators, and end-users, while drawing attention to the ongoing vulnerability of secure file transfer systems in financial services.
- Source of the Breach: The attacker used compromised credentials to access a Secure File Transfer Platform (SFTP) used to exchange files with some Finastra clients. The platform has since been isolated, and the firm reports no lateral movement within its broader network.
- Claim of Stolen Data: The cybercriminal “abyss0” posted on a hacking forum claiming possession of 400GB of Finastra’s data. The post has since been removed, but it’s unknown whether that was because the data was sold or because the listing was pulled to avoid unwanted scrutiny.
- Finastra’s Public Response: Finastra confirmed the breach but emphasized that the affected platform is not its default file exchange method and is used by only a subset of clients. The company is working with a third-party cybersecurity firm and plans to notify impacted individuals directly.
- Background and Precedents: This is not Finastra’s first run-in with cyber threats. In 2020, a ransomware attack forced the company to take systems offline, exposing long-standing weaknesses in its vulnerability management, such as outdated VPN and Citrix servers.
- Legal Investigation Underway: Srourian Law Firm is exploring potential class action litigation related to the breach. Individuals who received a data breach notice from Finastra are encouraged to consult with legal counsel to evaluate next steps and potential claims.
Go Deeper -> Fintech giant Finastra investigates data breach after SFTP hack – Bleeping Computer
Investigation into the Finastra Technology Data Breach – Srourian Law Firm