SilverLake Axis, a major global player in the financial technology sector, is allegedly the latest victim of a significant data breach. The company, which provides critical enterprise solutions to over 370 financial institutions across 80 countries, may have had a vast amount of sensitive data exfiltrated and put up for sale on a cybercrime forum. A threat actor has claimed to be in possession of 423GB of data belonging to the Malaysia-based corporation, raising serious concerns given the company’s integral role in the international banking and financial services industry.
The threat actor’s post details the contents of the massive data cache, which allegedly includes highly sensitive corporate information. The sale listing claims the data comprises not only internal documentation, API documentation, and credentials but also the company’s entire network topology and numerous SQL scripts. Furthermore, the actor claims to have source code and images from a wide array of the company’s software projects, which appear to be core components of financial and banking systems. An investigation into the claims is expected, but the potential exposure of such critical infrastructure and client project data could have severe repercussions.
The allegedly leaked data includes:
- Internal documentation
- Entire network topology
- API documentation
- SQL scripts
- Credentials
- Source code and image logs for projects related to client banking systems, payment gateways, e-wallets, and core financial solutions.
