Finastra, a London-based company that provides financial software and adjacent services to the world’s banking sector, has disclosed a security breach today.
In a statement posted on its website, the fintech giant described the incident as “potentially anomalous activity” on its systems.
“Out of an abundance of caution, we immediately acted to take a number of our servers offline while we continue to investigate,” Tom Kilroy, the company’s Chief Operating Officer said.
A notification was sent to some of the company’s customers and employees, both of which are now having tools and services disrupted by the abrupt server shutdowns.
Once the security breach became public knowledge earlier today, security researchers were quick to point out Finastra’s less than stellar security posture.
For example, threat intel firm Bad Packets said that its internet-wide scans had previously found that the fintech company had run unpatched servers for a long time, leaving its systems exposed to attacks.
According to Bad Packets, Finastra ran outdated Pulse Secure VPN servers last year, and also ran outdated Citrix servers earlier this year.
Both server technologies had been plagued by severe vulnerabilities that were mass-exploited by hackers for the past months — including by both ransomware gangs and state-sponsored groups [1, 2].
At the time of writing, Finastra has declined to share details about what happened on its systems, citing an ongoing investigation.
Some security researchers suggested the company could have fallen victim to a ransomware attack; however, we were unable to corroborate this theory based on publicly available information or with the company directly.
It is also unclear if the security breach impacted Finastra clients or their respective networks, or if it was limited to the fintech company’s internal network only.