Fintech firm Finastra has shared further detail on the investigation process following a data breach that occurred earlier this month.
Editorial
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
The company, which processes payments for over 8000 financial institutions, is currently investigating theft of data from its internal file transfer platform, where the hackers stole over 400 gigabytes of information.
Cyberjournalist Brian Krebs reported the breach when observing a cybercriminal attempting to sell the stolen data allegedly belonging to Finastra’s banking clients on an online forum. The first attempt was posted on 31 October, and again at a reduced price three days later. Finastra reported suspicious activity on 7 November , indicating that the criminal attempted to steal more information.
Finastra notified their customers of the breach on 8 November, providing updates on the investigation process and responding to queries.
In a disclosure to customers, Finastra stated that no other files were accessed and that no customer files were tampered with. The statement confirmed that they are currently in process of procuring a list of impacted clients and are still able to serve and communicate with customers.
A Finastra spokesperson stated that they remained in contact with customers since 8 November, keeping them updated on new information on the investigation, whilst informing employees and regulators on the breach. Finastra shared Indicators of Compromise (IOCs) and have been updating customers’ seucity teams on the investigation.
Finastra further indicated how crucial it is to maintain communication with customers during the investigation: “The delivery of accurate information once initial response activities have taken place is critical, during any incident, to reassure customers. However, in the early phases of an investigation, we may be limited in what we know and it’s important to balance accuracy and transparency. At all times the priority must remain on securing the environment and conveying what steps have been taken to enable customers to take appropriate actions themselves.
“As part of our remediation and investigation process, alongside third-party experts, we continue to examine our cybersecurity processes and identify steps to strengthen our systems. We understand the importance of maintaining the trust and security of our customers, and we are committed to taking all necessary steps to protect our customers’ data.”
