Travelex operations hit by cyber ransom demand
8 Jan 2020
Foreign exchange company Travelex has admitted it is being held to ransom by hackers after a cyber-attack meant the business has had to turn off all computer systems and carry out processes manually
8 Jan 2020
Travelex said that on 31 December, it detected a software virus which had compromised some of its services. As a precautionary measure the company immediately took all its systems across 30 countries offline to prevent the spread of the virus further across the network.
Whilst the investigation is still ongoing, Travelex has confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil.
Media reports, which have not been confirmed by the company, claim that the hackers have said they have copied more than 5GB of users’ personal data and have demanded as much as $6m (£4.5m) in ransom from Travelex.
In its most recent statement, issued this week, Travelex said: ‘Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful.
‘To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.
‘Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.’
Travelex said it had been able to restore a number of internal systems, which are operating normally. The company said it is working to resume normal operations as quickly as possible and does not currently anticipate any material financial impact for its parent, the global payments company Finablr Group.
Tony D'Souza, chief executive of Travelex, said: ‘We take very seriously our responsibility to protect the privacy and security of our partner and customer's data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused.
‘Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.’
Travelex also said it is in discussions with the National Crime Agency (NCA) and the Metropolitan Police who are conducting their own criminal investigations in the events, as well as its regulators across the world.
In the event of a company identifying a personal data breach, under the general data protection regulation (GDPR), it is required to notify the Information Commissioner's Office (ICO) within 72 hours. Failure to do so can result in substantial fines up to a maximum of 4% of its global turnover.