Travelex Slowly Recovering From Ransomware Attack

The boss of Travelex has finally spoken out about a cyberattack that forced its staff to use pen and paper and halted travel money sales at some banks and supermarkets.

Travelex has restored some of its systems after a New Year’s Eve cyberattack left customers unable to exchange foreign currency online at some of Britain’s biggest banks. Travelex is still declining to say if it has paid a ransom to the criminals responsible.

The travel money provider said it had managed to restore the automated order placement used by several UK high street banks and would relaunch its international money transfer service by the end of January.However, other Systems remain Offline

The firm has released a number of short statements since cyber criminals held the firm to ransom on 31 December.But in a video message on the firm's website, boss Tony D'Souza said the IT system used by in-store staff was working again. Travelex, which is the world’s largest currency dealer, shut down its systems after a cyberattack on New Year’s Eve. It had still managed to process orders in store but was forced to use pen and paper to track them.

Some of Britain’s biggest banks were caught up in the outage, forcing their online customers to find other ways to buy cash for their holidays.

Banks will now be able to do in-store orders for home delivery and for collection in branch. However, Travelex will initially only offer 70 currencies, with more coming online later. The major currencies are understood to have been prioritised. While D’Souza said the system used by staff is now working, there was no word on when the firm's main UK website would be returned to service. He offred some  to reassurance over public concerns that user data may have been put at risk, saying that Travelex has “not uncovered any evidence to suggest that any customer data has left the organisation”.

The company said automated order placement systems used by UK banking partners, which include HSBC, Barclays and Virgin Money, were now live. RBS and Tesco Bank later reported that their respective travel money sites, powered by Travelex, remained offline. That means customers are still unable to order currency online, either from Travelex itself or through the network of banks that use its services, including Barclays, Lloyds, RBS, and the finance websites of Sainsbury's and Tesco.

Travelex has said very little publicly since hackers held its systems to ransom by encrypting its digital files, reportedly demanding somewhere between £3m amd $6m to unlock that data.

Mr D'Souza said it was "not appropriate" to discuss details of the attack, adding that an investigation was ongoing. "To date, there is no evidence that any data has left the organisation," he told the BBC. The hackers, a gang called Sodinokibi, have told the BBC they gained access to the company's computer network six months ago and claim to have downloaded 5GB of sensitive customer data caliming that dates of birth, credit card information and national insurance numbers are all in their possession, they said. 

Travelex said it is working closely with the Metropolitan Police, which is leading the investigation into the attack.

BBC:        Barhhead News:            Sky News:         Graham Cluely:       Realwire:

You Might Also Read:

30% Of Business Leaders Would Pay Ransom:

New Ransomware Formats Double:

« Publishers Spread Fake News
GDPR Data Breach Notifcations & Fines Are Increasing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

Tundra Managed Solutions

Tundra Managed Solutions

Tundra Managed Solutions is a comprehensive IT services division offering a wide range of managed solutions designed to meet the diverse needs of businesses.

CQURE

CQURE

CQURE is divided into four main cybersecurity excellence areas: CQURE Consulting, CQURE Academy, CQURE Knowledge Sharing and CQURE Cyber Lab.