Lynn Johannson, Advisor, Sustainability and ESG
January 4th, 2024
Lynn Johannson, President of E2 Management Corporation and Catalyst for THE Collaboration
In a care[...]
Major Data Breach @Finastra and Canadian Banks?
Data Breach | Nov 22, 2024
Finastra Data Breach Raises Alarm for Banks and Financial Institutions
One of the largest fintechs in the world, Finastra, just had a major data breach. Hackers got access to their system and stole 400GB of sensitive data. Since Finastra works with 8600 financial institutions globally including some of the largest banks, there’s a good chance this breach affects Canadian financial institutions. The company has 12,000 staff and reported revenue of $1.7 billion last year.
According to Bleeping Computer, hackers gained access to Finastra's Secure File Transfer Platform (SFTP) using compromised credentials likely stolen through infostealer malware. There was a serious security flaw given the lack of multi-factor authentication (MFA) which may have made it easier for the hackers to gain access but once they did, they moved quickly to extract a massive amount of sensitive data which appeared for sale on darknet forums shortly after the attack. Sounds well organized to me.
What Data Could Be at Risk?
While we don’t have the full list of what was stolen, and according to Forbes, experts believe the following data was compromised and is now in the wrong hands.
See: New Cyber Threats Financial Service Firms Need to Know
- Bank-to-bank agreements and contracts
- Sensitive operational information like compliance reports and settlement data
- Customer information such as names, addresses, and account details
What's the Likelihood that Canadian Banks are Affected?
Finastra has deep ties to Canada. So the answer is almost certainly, yes. It's not a question of 'if' but how much. Here’s why:
- Finastra was formed when UK-based Misys merged with D+H, a Canadian fintech company.
- D+H was the go-to tech provider for Canadian banks, credit unions, and even government programs.
- Today Finastra still offers key services to Canadian financial institutions such as:
- Cheque processing
- Payment systems
- Mortgage tech
- Student loans (including programs with the Government of Canada)
- Finastra’s platforms are widely used for critical financial processes, so if a Canadian bank is using the SFTP system for secure file transfers, then they are part of the breach.
- Canadian banks that operate internationally may be sharing interconnected systems with other affected clients.
See: Will Nuclear Fuel the Data-Driven Future?
The implications of the fallout could be that the stolen financial data is exploited in a variety of ways. Canadian privacy laws like PIPEDA could issue hefty fines if sensitive information was exposed. Canadian banks may lose an ounce of trust with their customers. A breach like this can't just be ignored.
What’s Finastra Saying?
Finastra is working with cybersecurity experts to figure out what happened and prevent it from happening again. The company is reviewing its authentication protocols and improving security of its SFTP system. They have also notified its impacted clients including financial institutions and is working with them to assess exposure and next steps. They need to provide some big answers soon like the full extent of the breach and which clients are impacted and how.
Simon Paris CEO Finastra put out a statement saying:
“Our top priority is resolving this issue and ensuring the safety of our clients’ data.”
What’s Next?
Finastra is still investigating the breach to understand its full impact, and is another wake-up call for the entire financial industry. More details are expected to emerge shortly so stay tuned.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Related Posts
Coinberry gets relief from OSC to trade crypto- 6 Things to Consider Before You Make Investing Decisions
- DOJ Wants Changpeng Zhao Sentenced for 3 Years
- Pebble’s new Kickstarter raises $1 million in record time
- AccelerateIP Launches New $12.5 Million IP Program for Startups
- ‘Ready to Go’: Powell Says Fed Report on Crypto and CBDCs will drop in the coming weeks
Leave a Reply