Finastra, a leading provider of solutions to over 8,000 financial institutions, is investigating a breach of its internal file transfer platform, where hackers stole more than 400 gigabytes of data.

The breach came to light after cyberjournalist Brian Krebs reported that stolen data, allegedly belonging to Finastra’s banking clients, was being offered for sale on an online forum. The cybercriminal initially listed the data for sale on October 31 and reduced the price days later. Finastra detected suspicious activity on November 7 and notified customers of the breach on November 8, assuring them of ongoing updates and transparency.

In its disclosure, Finastra confirmed that the hackers did not access or tamper with other files and emphasized its efforts to identify impacted clients while maintaining operations. The company promptly engaged with customers, employees, and regulators, sharing Indicators of Compromise (IOCs) to support their security teams in responding to the breach. A spokesperson highlighted the importance of balancing transparency and accuracy during investigations, stating that the priority remains on securing systems and enabling customers to take appropriate actions.

Finastra is collaborating with third-party cybersecurity experts to strengthen its defenses and ensure the safety of client data. The company reaffirmed its commitment to rebuilding trust through robust communication and ongoing security enhancements. "Maintaining the trust and security of our customers is paramount," Finastra stated, underscoring its dedication to taking every necessary step to protect sensitive information while learning from the incident.