Finastra Data Breach Affects Over 800K Americans: SSNs Exposed

On Nov. 7, 2024, Finastra Technology discovered a cybersecurity incident that impacted certain company systems. The breach was traced back to unauthorized access of a Secure File Transfer Platform (SFTP) used by Finastra to provide technical and customer support.

According to the company’s investigation, an unknown third party accessed the SFTP at various times between Oct. 31 and Nov. 8, 2024, and on Oct. 31, 2024, obtained certain files containing sensitive information.

The breach affected hundreds of thousands of people across the United States including 3,521 Texas residents, 1,424 South Carolina residents, 281 New Hampshire residents, 233 Maine residents, 143 Montana residents and 65 Massachusetts residents were impacted. The files contained a range of personally identifiable information (PII), including names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers and financial account information. No protected health information (PHI) was reported as part of this incident.

Finastra’s investigation, conducted with the assistance of leading cybersecurity firms, found no evidence that the unauthorized third party still has access to the data or that the data was further copied, retained or shared. The company also reported no indication that the exposed information has been misused. Nonetheless, the risk of identity theft remains due to the exposure of Social Security numbers and financial account details.

The breach was disclosed to authorities in several states, including the California Attorney General, Maine Attorney General, Massachusetts Attorney General, South Carolina Attorney General, Texas Attorney General, Montana Attorney General and New Hampshire Attorney General. Notifications to affected individuals were sent by U.S. Mail beginning July 3, 2025.

Finastra Technology's response

After discovering the breach, Finastra immediately reported the incident to law enforcement, including the FBI, and engaged top cybersecurity firms to investigate and contain the incident. The company has since implemented numerous measures to enhance the security of its network, systems and data. Finastra continues to evaluate additional steps to further strengthen its security posture.

To support those affected, Finastra is offering a complimentary 24-month membership to Experian IdentityWorks, which provides identity protection and identity theft resolution services. Impacted individuals are encouraged to enroll in this program and to remain vigilant by reviewing account statements and credit reports for unauthorized activity. The company’s notice also provides detailed guidance on placing fraud alerts and security freezes with major credit bureaus, as well as contact information for relevant state agencies and the Federal Trade Commission.

Given the nature of the breach—unauthorized access to an SFTP containing sensitive PII—affected individuals should be especially cautious about potential identity theft or fraud. It is advisable to take advantage of the free credit monitoring, consider placing a security freeze on credit files and report any suspicious activity to authorities promptly.

More information about the company and its services can be found on the Finastra website.