Banking technology FinTech Finastra was hit with a security breach on Friday (March 20), and was forced to shutter key systems and send employees home, according to a report by KrebsonSecurity.
Although the company’s statement doesn’t mention the type of attack specifically, Krebs believes it is likely a ransomware attack based on the reaction.
Two sources forwarded internal notices about the outage.
“We wish to inform our valued customers that we are investigating a potential security breach. At 3:00 a.m. EST on March 20, 2020, we were alerted to anomalous activity on our network which risked the integrity of our data centers,” Finastra said in a statement. “As such, and to protect our customers, we have taken quick and strict remedial action to contain and isolate the incident while we investigate further.”
The company is based in London and has offices in 42 countries around the world, with 10,000 employees on its workforce. Last year, the firm reported $2 billion in revenue. Nearly all 50 of the top banks in the world Finastra’s customers.
“Our approach has been to temporarily disconnect from the internet the affected servers, both in the USA and elsewhere, while we work closely with our cybersecurity experts to inspect and ensure the integrity of each server in turn,” the statement said. “Using this ‘isolation, investigation and containment’ approach will allow us to bring the servers back online as quickly as possible, with minimum disruption to service; however, we are anticipating some disruption to certain services, particularly in North America, whilst we undertake this task. Our priority is ensuring the integrity of the servers before we bring them back online and protecting our customers and their data at this time.”
Externally, the company mentioned the incident but wasn’t so explicit about what happened.
“The Finastra risk and security services team has detected anomalous activity on our systems,” wrote Tom Kilroy, Finastra’s chief operating officer. “In order to safeguard our customers and employees, we have made the decision to take a number of our servers offline while we investigate. This, of course, has an impact on some of our customers, and we are in touch directly with those who may be affected.”