Finastra Breach: 400GB of Data Stolen, Offered for Sale Online

The fintech company Finastra has fallen victim to a cyberattack resulting in the theft of over 400 GB of data. The breach occurred on its internal data transfer platform. A hacker operating under the alias “abyss0” has put the stolen information up for sale on the BreachForums platform.

On November 8, the company notified its clients of the breach, stating that suspicious activity had been detected the previous day. According to Finastra, the attackers did not deploy malware or alter client files but managed to exfiltrate a substantial volume of data.

Finastra disclosed that the breach stemmed from the compromise of account credentials. To safeguard operations, the company activated an alternative data transfer platform. Efforts are currently underway to assess the full scope of the breach and precisely identify the affected individuals. The company has assured clients that there is no evidence of direct impact on their operations.

The hacker “abyss0” initially listed the data for sale on October 31 without naming the company, pricing it at $20,000. By November 3, the price had dropped to $10,000. On November 7, the hacker posted a new message linking the data to Finastra’s clients, which include some of the world’s largest banks. Shortly after, “abyss0’s” account vanished from the forum, and their Telegram profile was deleted.

The full scale of the incident and its implications for clients remain to be determined. Finastra continues its investigation and has pledged to keep clients informed of all developments.