Updated: Apr 30
Foreign currency giant, Travelex is still in damage-control after a successful cyber-breach and a subsequent ransomware attack held the company’s data hostage.
At the time of writing and publishing, Travelex’s website remains inaccessible, with the company stating their apologies and that “this is a result of a software virus.” We reported one month ago with the news that Travelex was being held hostage by attackers, with the BBC reporting there was a $6 million ransom demanded by cybercriminals in exchange for handing over control of the site.
This has caused a number of headaches for major financial institutions such as the Royal Bank of Scotland, Lloyds, Barclays and Sainsbury’s Bank who have relied on Travelex for its currency exchange services. HSBC and Virgin Money also use Travelex’s services. “Banks reported that their supply of notes from Travelex had dried up and were forced to apologise to customers,” writes the BBC.
“On discovering the virus, and as a precautionary measure,” the company writes on its website, “Travelex immediately took all its systems offline to prevent the spread of the virus further across the network. Whilst the investigation is still ongoing, to date our investigation shows that customer data has not been compromised. We have now contained the virus and are working to restore our systems and resume normal operations as quickly as possible.”
Their statement is a direct contradiction of reports stating that “a ransomware gang called Sodinokibi has told the BBC it is behind the hack and wants Travelex to pay $6-million… the gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and have downloaded 5GB of sensitive customer data.”
It remains speculation as to whether or not Travelex paid the ransom for the return of customer data and restoration of its systems.
The latest report from the BBC states that “cashiers resorted to using pen and paper to keep money moving at bureau de changes in airports and on high streets, but orders online were suspended.”
One customer took to the company’s twitter page to state that they were abroad and needed access to their account. Travelex replied stating that they were “unfortunately unable to quote an exact time at this point, but we’re doing everything possible to be up and running as soon as possible."
Travelex has since said that "whilst the investigation is still ongoing, to date, our investigation shows that customer data has not been compromised," pointing those concerned to visit the company's security page.