Travelex takes down currency exchange website following New Year's Eve cyber attack

clock • 3 min read

Travelex claims it took down its systems after identifying a virus, but refuses to provide more information

Travelex has taken down its currency exchange website following a cyber attack in the form of a virus identified on New Years Eve.

The foreign exchange giant claims that customer data has not been compromised as a result of the breach, but has not divulged more details. It has reverted to manual procedures in its branches as a result of the attack.

In particular, holiday makers that had been using Travelex Money Cards, topping up as they go, have been most affected.

The company said that it had drafted in specialist security teams to deal with the outbreak, while its IT staff had also been called-in to work over the holiday period.

Travelex CEO Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data. We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible."

As of 3pm on the afternoon of Friday 3rd January, the site remains down and customers have been scathing about the company's incident response handling.

"This incident plus your appalling incident management plans and customer service have ruined our trip. Too many unanswered emails and false promises," tweeted recruiter Matt Bartlett, stuck in Canada with no access to money.

Furthermore, the company hasn't provided much more detail about the nature of the attack, leaving industry experts to conjecture about its type and extent.

While Comparitech privacy advocate Paul Bischoff suggested that it might be a targeted attack, he also suggested that it may be down to ransomware. "Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details," said Bischoff, adding that the shutdown could cause some business damage for Travelex.

"Travelex has so far handled the incident well due to its quick response time, and it is good to see personal and customer information does not appear to have been breached. Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust," said Iain Kothari-Johnson, financial services lead for Cyber Security at Fujitsu UK.

He continued: "'Break-glass incident response services', where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan."

Travelex has been progressive in terms of its adoption of IT, shifting elements of its IT infrastructure into the cloud with a migration to Workday five or so years ago, for example, and being an early adopted of serverless computing. 

All Computing's coverage of the Travelex ransomware outbreak

You may also like
NSO's Pegasus spyware used to hack exiled Russian journalist


Galina Timchenko led a media outlet Moscow declared ‘undesirable’

clock 14 September 2023 • 2 min read
We tried ChatGPT for vulnerability fixes. Most flaws are too complex for generative AI alone

Security Technology

An experiment with ChatGPT 3.5 found that 80% of code fixes were unusable or introduced new vulnerabilities

clock 12 July 2023 • 4 min read
Windows 11: Can modern tools preserve company culture in the hybrid world?


IT leaders endorse hybrid work, but digital can’t replicate the in-person environment - yet

clock 24 April 2023 • 7 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Asian Tech Roundup: Pressure grows in US-China trade war

Asian Tech Roundup: Pressure grows in US-China trade war

Plus: Google 'accidentally' deletes pension fund's cloud account

Tom Allen
clock 17 May 2024 • 4 min read
Maritime security: 'Hacking a ship is just like hacking a Tesla but bigger'

Maritime security: 'Hacking a ship is just like hacking a Tesla but bigger'

Cyberattacks on shipping up 400-500% in five years, Lloyds List Intelligence

John Leonard
clock 16 May 2024 • 4 min read
Tories self-refer to ICO over data breach

Tories self-refer to ICO over data breach

Revealed hundreds of personal email addresses by forgetting to BCC

Tom Allen
clock 15 May 2024 • 2 min read