Finastra, a major payment processing company serving over 8000 financial institutions, is facing a significant data breach involving the theft of over 400 gigabytes of sensitive information. The incident came to light when cyberjournalist Brian Krebs reported on a cybercriminal attempting to sell the stolen data, which allegedly belongs to Finastra's banking clients, on an online forum.
The initial sale attempt was posted on 31 October, with a follow-up at a reduced price just three days later. In response to the suspicious activity, Finastra reported the breach on 7 November, indicating ongoing attempts to extract further data.
On 8 November, Finastra officially notified its customers about the breach, assuring them that no other files were accessed and that customer files remained intact. The company is currently compiling a list of affected clients and continues to maintain communication with them throughout the investigation.
Finastra is also enhancing its data security processes and has been approached by Finextra for comments on its communication strategy during this critical time.