Travelex being held to ransom by hackers

Travelex sign. Image copyright Getty Images

Hackers are holding foreign exchange company Travelex to ransom after a cyber-attack forced the firm to turn off all computer systems and resort to using pen and paper.

On New Year’s Eve, hackers launched their attack on the Travelex network.

As a result, the company took down its websites across 30 countries to contain “the virus and protect data”.

A ransomware gang called Sodinokibi has told the BBC it is behind the hack and wants Travelex to pay $6m (£4.6m).

The gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data.

Dates of birth, credit card information and social security numbers are all in their possession, they say.

The hackers said: “In the case of payment, we will delete and will not use that [data]base and restore them the entire network.

“The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”

Police probe

The Information Commissioner’s Office (ICO) said it had not received a data breach report from Travelex.

A spokeswoman added: “Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people’s rights and freedoms.

“If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary.”

Under the General Data Protection Regulation, a company that fails to comply can face a maximum fine of 4% of its global turnover.

The Metropolitan Police is leading the investigation into the attack.

In a statement, the force said: “On Thursday, 2 January, the Met’s Cyber Crime Group were contacted with regard to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing.”

Travelex says it is working with police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.

‘Shockingly bad’

According to Fabian Wosar, a ransomware expert at cyber security company Emsisoft, the attack has all the hallmarks of the REvil gang.

“With what we know about the incident and the hackers’ mode of operation in the past paints a consistent picture, which leads me to believe that REvil indeed hit Travelex,” he said.

“The REvil/Sodinokibi group has been a pretty sophisticated group for a long time now. The quoted ransom demands are consistent for the gang’s victims of Travelex’s size.

“Stealing data in general gives threat actors additional bargaining chips when it comes to dealing with companies unwilling to pay the ransom. The idea is to weaponise the hefty fines associated with GDPR violations to pressure the company into paying.”

The recovery operation is being co-ordinated from a Travelex office in the UK and the company insists that no customer data has been leaked.

But it will not say what data could potentially be at risk.

Travelex websites across Europe, Asia and the US have been offline since 31 December, with a message to visitors that they are down for “planned maintenance”.

Image copyright Travelex
Image caption: Visitors to the Travelex website are told that the site is down for “planned maintenance”.

Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.

“The public response from Travelex has been shockingly bad,” said security researcher Kevin Beaumont.

“The Travelex UK website still only says ‘planned maintenance’, a week after the problems began – many customers might be completely unaware hackers gained access to their network, and allegedly their personal data,” he said.

“Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation.”

Travelex’s decision to take down its website has meant the large network of other companies that use its services cannot sell currency online.

The company has said it is keeping its partners up to date on the response to the cyber-attack.

Virgin Money’s website showed an error message, which said: “Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system might be back online shortly.”

Sainsbury’s Bank also said its online travel money services were unavailable, although it said customers could still buy travel money in its stores. In a statement to the BBC, the bank said: “We’re in close contact with Travelex so that we can resume our online service as soon as possible.”

Image copyright Sainsbury’s
Image caption: Sainsbury’s Bank’s website said it was not able to take money orders online.

A spokesperson for First Direct, which is owned by HSBC, said: “Unfortunately, our online travel money service is currently unavailable due to a service issue with third party service provider, Travelex.”

In a statement on Thursday, Travelex boss Tony D’Souza said: “We regret having to suspend some of our services in order to contain the virus and protect data.”

The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

“We apologise to all our customers for any inconvenience caused as a result,” Mr D’Souza said in the statement.

The company has since told the BBC that its systems are currently down and it is unable to sell or reload its pre-paid travel cards. However, it said: “Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs.”

“For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements.”
