Major global financial technology company Finastra has confirmed launching an investigation into a data breach weeks after threat actor abyss0 first posted about the theft of over 400 GB of data from the firm, reports Krebs on Security.
Infiltration of Finastra's internally hosted file transfer platform, which was only discovered earlier this month, was likely conducted through stolen credentials and has resulted in the exfiltration of customer information, according to Finastra, which emphasized that the intrusion has not affected customer systems and operations. "The threat actor did not deploy malware or tamper with any customer files within the environment. Furthermore, no files other than the exfiltrated files were viewed or accessed," said Finastra in a breach notification sent to its customers. Meanwhile, abyss0 has since removed its accounts on BreachForums and Telegram. Such a development comes more than four years after Finastra was reported to restored its ransomware-hit systems without paying its attacker's demands.
