Finastra, a British fintech firm, has begun notifying individuals affected by a data breach that occurred between October 31 and November 8, 2024. A threat actor accessed and exfiltrated files from an internal secure file transfer platform, compromising personal and financial account information. The breach was discovered in mid-November when a hacker claimed to have stolen 400GB of data and offered it for sale on an underground forum. While Finastra maintains that no ransomware or malware was involved, speculation suggests the company may have negotiated with the hacker to delete the data. Finastra is providing affected individuals with two years of free identity protection and credit monitoring, stating that the overall risk of misuse is low. Continue here.
