Finastra Alerts Customers About Data Breach

British financial technology company Finastra has begun notifying customers about a significant data breach that took place over three months ago. The incident involved unauthorized access, between October 31 and November 8, 2024, to the company’s secure file transfer platform (SFTP), which is used for sharing sensitive files with clients. Although the breach was initially detected on November 7 and disclosed shortly after, Finastra only reached out to those affected on February 12, 2025.

During the compromise of the SFTP platform, a malicious actor reportedly exfiltrated sensitive files, which included personal information such as names and financial account details of customers. While Finastra has not disclosed the total number of individuals impacted, filings made to the Massachusetts Attorney General’s Office indicate that at least 65 residents of the state were affected by this breach.

The delayed notification process has raised concerns, particularly considering the heightened risks of fraud and identity theft that often accompany such breaches. In their communication to affected individuals, Finastra reassured them that there is currently no evidence to suggest that the stolen information has been duplicated, retained, or distributed further. The company asserted, “We believe the risk to individuals whose personal data was involved is low,” in their notification letters.

Nonetheless, this breach corresponds with a now-removed post on an underground forum from November 2024, where an actor claimed to be offering 400GB of data supposedly taken from Finastra’s systems. This connection adds a layer of complexity to the situation, as it may suggest that the data could still be circulating in illicit channels.

In an effort to mitigate the impact of the breach, Finastra has arranged for two years of complimentary identity protection and credit monitoring services through Experian for those affected. The company also emphasized that the breach was limited to the SFTP platform itself, with no indications of lateral movement or malware propagation within their broader IT infrastructure.

Finastra, headquartered in London, provides financial services software to over 8,100 institutions across 130 countries, including 45 of the world’s 50 largest banks. The incident raises numerous questions regarding the adequacy of their cybersecurity practices and protocols. As news of the breach unfolds, Finastra has been approached for further clarification, and additional updates will be provided pending their response.

For business owners, understanding the potential tactics that may have been employed in this breach is crucial. Based on the MITRE ATT&CK framework, the initial access may have been achieved through methods such as phishing or exploiting vulnerabilities in the SFTP system, followed by data exfiltration techniques. Such insights underscore the importance of vigilance and proactive measures in safeguarding sensitive customer information against increasingly sophisticated cyber threats.

For further reading on trends and developments in cybersecurity within the financial sector, recent articles have highlighted similar incidents, including a notable breach involving Prudential Financial.

In summary, as Finastra navigates the ramifications of this breach, it is essential for businesses to assess their cybersecurity frameworks, recognize potential vulnerabilities, and implement robust measures to protect against adversary tactics that are readily used in contemporary cyberattacks.
