Experts On Finastra Security Breach News

Brian Krebs is reporting that a security breach has disrupted operations at London-based fintech firm Finastra, which provides services to most of the world’s top 50 banks. Finastra has over 9,000 customers across 130 countries; sources at two different U.S. financial institutions forwarded a notice they received from Finastra saying the outage was expected to disrupt certain services, particularly for clients in North America.

Experts Comments

March 23, 2020
Colin Bastable
CEO
Lucy Security
Organized crime rings, malignant state actors and opportunistic fraudsters adore crises, and this one offers them perfect cover. We've seen a massive surge in cyber attacks in March. Disrupted work patterns and distracted staff create ideal conditions for ransomware and BEC/CEO fraud attacks, as well as targeted, socially-engineered attacks. Golden Key Holders -- those people who have access to a lot of information and “hold the keys” to files, systems, records, bank accounts, etc. are.....Read More
Organized crime rings, malignant state actors and opportunistic fraudsters adore crises, and this one offers them perfect cover. We've seen a massive surge in cyber attacks in March. Disrupted work patterns and distracted staff create ideal conditions for ransomware and BEC/CEO fraud attacks, as well as targeted, socially-engineered attacks. Golden Key Holders -- those people who have access to a lot of information and “hold the keys” to files, systems, records, bank accounts, etc. are especially vulnerable right now. Many are working at home without their normal support systems, and are vulnerable to indirect attack through spoofed emails delivered to work colleagues and associates. If a hacker gets control of their email and system passwords, they can do a lot of damage. Socially engineered attacks might start with a LinkedIn search to find such people, then a Facebook search, then make contact and drop a file in a spear-phishing attack. Outsourcing and the use of contractors multiplies the risk: we have global disruption, and many fintech companies have outsourced their operations to third parties who themselves are challenged by staff dislocation.  Read Less
March 23, 2020
Jim Van Dyke
CEO
Breach Clarity
A ransomware attack, in and of itself, does not necessarily expose personal data. Typically, it means the victimized company can’t access its own data. However, it can also mean the company’s data is in the hands of the hackers and could be publicly dumped if the attacked company does not comply with the hacker’s demands. Because Finastra has not released the results of its investigation, we can’t know at this point if bank or customer data has been exposed, or even if this truly was a.....Read More
A ransomware attack, in and of itself, does not necessarily expose personal data. Typically, it means the victimized company can’t access its own data. However, it can also mean the company’s data is in the hands of the hackers and could be publicly dumped if the attacked company does not comply with the hacker’s demands. Because Finastra has not released the results of its investigation, we can’t know at this point if bank or customer data has been exposed, or even if this truly was a ransomware attack as some security analysts have suggested. We are anxiously awaiting those results so we can provide appropriate analysis, which will hopefully include a Breach Clarity Score to give consumers an idea of the severity of the breach, as well as breach-specific steps they can take to mitigate the most-likely risks they’ll face as a result. All too often, consumers learn of a breach and operate with a very inaccurate understanding of what to do next. On a regular basis, consumers and industry security leaders are inundated with irrelevant, confusing, or conflicting advice on how to protect themselves following a confirmed breach. Our team works to provide precise, unbiased, and action-oriented advice on the most likely risks that follow any publicly reported data breach (currently affecting US consumers only). At the end of the day, all honest people win when facts and reason are used to respond to data breaches.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.