Assessing the Initial Financial Impact of Finastra’s Recent Data Breach: A Comprehensive Analysis for Executive Leadership and Board Members

Tim Layton
Nov 20, 2024

Finastra, a leading financial technology firm serving 45 of the world’s top 50 banks, is investigating a significant data breach involving its internal file transfer platform.1

On November 7, 2024, Finastra detected suspicious activity and learned that a cybercriminal had begun selling over 400 gigabytes of data purportedly stolen from its systems.

Finastra has assured customers that the breach will not directly impact their operations or Finastra’s ability to serve them. The company has implemented an alternative secure file-sharing platform to ensure continuity and is actively analyzing the exfiltrated data to determine the specific customers affected. Initial evidence suggests that compromised credentials may have facilitated the breach.

The recent data breach reportedly involved Finastra’s internal file transfer platform, integral to securely exchanging sensitive financial data with client banks. This platform supports various services, including payment processing and lending operations. The breach raises concerns about the security of data transmitted through this system and its potential impact on the services provided to banks.

As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.


Previous Breach in March 2020

In March 2020, Finastra, a leading financial technology firm, experienced a significant ransomware attack. On March 20, the company detected abnormal activity on its systems, prompting the decision to take several servers offline to safeguard customer and employee data. This preemptive action led to service disruptions, particularly affecting North American clients.13

Subsequent investigations revealed that the attack bore the characteristics of a ransomware incident. Finastra engaged an independent forensic firm to assess the scope of the breach and implemented an ‘isolation, investigation, and containment’ strategy. This approach involved temporarily disconnecting affected servers to prevent further unauthorized access.8

Despite the severity of the attack, Finastra reported no evidence of customer or employee data being accessed or exfiltrated. The company emphasized that its clients’ networks remained unaffected. By early April 2020, Finastra had restored its systems and resumed normal operations, fortifying its cybersecurity measures to prevent future incidents.12

This incident underscores the critical importance of robust cybersecurity protocols in the financial technology sector, highlighting the need for continuous vigilance and proactive measures to protect sensitive data.

Assessing The Potential Impact For Executives & Boards of Directors

Finastra offers a comprehensive suite of financial software solutions to banks and financial institutions. Depending on the services used and forthcoming details about this new breach, we can perform an initial analysis to quantify potential financial exposure and revise it using Bayesian methods as new information becomes available:

Finastra Services to Banks:

  • Core Banking Solutions: These encompass retail and commercial banking services, facilitating daily banking operations and customer interactions.
  • Payments Processing: Finastra provides platforms for processing domestic and international payments, ensuring secure and efficient transactions.
  • Lending Platforms: The company offers solutions for managing various lending activities, including mortgage origination and servicing.
  • Treasury and Capital Markets: These services assist banks in managing trading, risk, and treasury operations.
  • Digital Banking: Finastra provides platforms that enable banks to offer their customers online and mobile banking services.

The recent data breach at Finastra, involving unauthorized access to its internal file transfer platform, aligns with the System Intrusion pattern defined in the Verizon DBIR data. This pattern encompasses incidents where threat actors gain unauthorized access to systems, often leading to data exfiltration or other malicious activities.

The breach is characterized by Hacking, specifically using stolen credentials or exploiting vulnerabilities to infiltrate the system. This method is commonly employed in breaches where attackers seek to access sensitive data by compromising secure systems.

The compromised internal file transfer platform falls under Server assets. Servers are critical components in an organization’s infrastructure, often targeted by attackers aiming to access and exfiltrate sensitive information.

Understanding these classifications is critical because it gives us a starting point for quantifying potential financial impacts. I can refine and update the analysis once we know more technical details about the breach. This is the beauty of taking a Bayesian approach to cyber risk quantification: we can update the model (prior) when new information becomes available.

Based on historical breach data, banks in the USA have a 10.25% probability of a cyber breach event via hacking activities by cybercriminal threat actors. I leverage the historical breach data from the Verizon DBIR report and Bayesian statistical methods to compute this probability using a custom-developed Python program.

Finastra’s client banks are experiencing a potential breach via their service provider (supply chain) in this current breach event.

We can now use this probability estimate as a critical input into a new program designed to compute the Loss Exceedance Curve (LEC). The LEC is a powerful tool to help leadership quantify and visualize the range of potential financial exposures, highlighting the likelihood of losses exceeding specific thresholds. This enables informed decision-making by focusing on the most likely economic risks impacting the organization.

I used an example of a $4 million cyber insurance activation to help illustrate how this can be used in the LEC computation and illustration.

The Loss Exceedance Curve (LEC) is a critical tool for executive business leaders to understand cybersecurity breaches’ likelihood and potential financial impact. Here’s how to interpret the provided LEC for the Finastra breach:

  • The red vertical line at $4 million represents the activation threshold for cyber insurance coverage.
  • The chart shows that the chance of losses exceeding $4 million is 3.58%, highlighting the likelihood of the insurance being triggered.
  • This LEC enables leaders to assess their financial exposure to cyber risks and determine whether current insurance coverage aligns with the organization’s risk appetite.
  • It also identifies scenarios requiring additional mitigation strategies, such as strengthening security controls or adjusting insurance limits.
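The following sketch is an added example, not the author's program: it builds an LEC that passes through the article's stated point (3.58% chance of exceeding $4 million at a 10.25% breach probability) and then shows how a Bayesian update of the breach probability moves the whole curve. The lognormal severity model, its spread `SIGMA`, the Beta prior strength and the new evidence are all assumptions constructed for illustration.

```python
import math
from statistics import NormalDist

P_EVENT = 0.1025        # breach probability stated in the article
THRESHOLD = 4_000_000   # cyber-insurance activation point from the article
P_EXCEED = 0.0358       # article's chance of losses exceeding the threshold
SIGMA = 1.2             # ASSUMPTION: log-scale spread of loss severity

STD = NormalDist()


def calibrate_mu(p_event=P_EVENT, p_exceed=P_EXCEED, x=THRESHOLD, sigma=SIGMA):
    """Pick the lognormal log-median so the curve passes through the article's point."""
    tail = p_exceed / p_event          # P(severity > x | breach), about 0.349
    return math.log(x) - sigma * STD.inv_cdf(1.0 - tail)


def exceedance(x, p_event, mu, sigma=SIGMA):
    """One LEC point: P(loss > x) = P(breach) * P(severity > x | breach)."""
    if x <= 0:
        return p_event
    return p_event * (1.0 - STD.cdf((math.log(x) - mu) / sigma))


def beta_update(alpha, beta, breaches, clean):
    """Conjugate Beta-Binomial update of the breach probability."""
    return alpha + breaches, beta + clean


def beta_mean(alpha, beta):
    return alpha / (alpha + beta)


def curve(p_event, mu, thresholds=(1e6, 2e6, 4e6, 8e6, 16e6)):
    return [(x, exceedance(x, p_event, mu)) for x in thresholds]


if __name__ == "__main__":
    mu = calibrate_mu()
    # ASSUMPTION: prior Beta(4.1, 35.9) has mean 0.1025 and the weight of 40 bank-years.
    prior = (4.1, 35.9)
    # CONSTRUCTED evidence: 3 of 10 comparable client banks later confirm exposure.
    post = beta_update(*prior, breaches=3, clean=7)
    for name, (a, b) in (("prior", prior), ("posterior", post)):
        p = beta_mean(a, b)
        print(f"{name}: P(breach) = {p:.4f}")
        for x, px in curve(p, mu):
            print(f"  P(loss > ${x:>12,.0f}) = {px:.2%}")
```

With the constructed evidence the posterior breach probability rises to 14.2%, and the chance of triggering the $4 million policy rises from 3.58% to roughly 4.96%, which is the kind of revision the article describes making as breach details emerge.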

This example provides a quick, illustrative application of Bayesian methods to quantify cybersecurity risks using a real-world cyber breach event. While this is a starting point, the model and calculations will be continuously refined as more information becomes available. The insights shared in this article are intended to help frame the potential impacts of the recent Finastra cyber breach on client banks, offering an initial foundation for informed decision-making.
