Travelex cyberattack drags into third week
Travelex is still experiencing tech issues following a damaging cyberattack that occurred more than two weeks ago, despite the firm stating its systems are being slowly turned back on.
The foreign exchange firm was attacked by a cybercriminal group behind the Sodinokibi ransomware, also known as REvil, on New Year’s Eve 2019.
It responded by shutting its systems down to prevent the virus from spreading. The downtime has adversely affected several major banks in the UK, including Barclays, Lloyds and Royal Bank of Scotland, as they all use Travelex to provide their foreign exchange and travel money services.
In a statement, Travelex says it continues to make “good progress” with its recovery from the attack.
“Having already restored some of its internal and order processing systems, the company is now starting to restore customer-facing systems, beginning with the in-store systems that process customer orders electronically.”
The group behind the Sodinokibi attack initially asked for a $3 million payment to release encrypted personal files of Travelex customers, then raised the figure to $6 million.
It claims to have snatched and encrypted the dates of birth, credit card information and national insurance numbers of thousands of users, in files amounting to 5GB worth of data.
Last week it published 337MB of stolen files from another victim, US-based staffing firm Artech Information Systems, as a signal of intent.
Travelex has refuted claims that customers are at risk: “Based on Travelex’s extensive internal assessments and the analyses conducted by its expert partners there is no evidence to suggest that customer data has been compromised.”
The FX firm is working with the National Cyber Security Centre (NCSC) and the Metropolitan Police. The Information Commissioner’s Office (ICO) is “aware” of Travelex’s position.
Tony D’Souza, CEO of Travelex, said: “We continue to make good progress with our recovery and have already completed a considerable amount in the background.
“We are now at the point where we are able to start restoring functionality in our partner and customer services and will be giving our partners additional detail on what that will look like during the course of this week.”
At the time of writing all Travelex websites remain down.
Customers who have been left without exchange options abroad are being refunded by the company on a case-by-case basis. “Customers are encouraged to check their local website for the best way to get in touch with customer support in their respective country,” the company writes.