Travelex has taken down its currency exchange website following a cyber attack in the form of a virus identified on New Years Eve.
The foreign exchange giant claims that customer data has not been compromised as a result of the breach, but has not divulged more details. It has reverted to manual procedures in its branches as a result of the attack.
In particular, holiday makers that had been using Travelex Money Cards, topping up as they go, have been most affected.
The company said that it had drafted in specialist security teams to deal with the outbreak, while its IT staff had also been called-in to work over the holiday period.
Travelex CEO Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data. We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible."
As of 3pm on the afternoon of Friday 3rd January, the site remains down and customers have been scathing about the company's incident response handling.
"This incident plus your appalling incident management plans and customer service have ruined our trip. Too many unanswered emails and false promises," tweeted recruiter Matt Bartlett, stuck in Canada with no access to money.
Furthermore, the company hasn't provided much more detail about the nature of the attack, leaving industry experts to conjecture about its type and extent.
While Comparitech privacy advocate Paul Bischoff suggested that it might be a targeted attack, he also suggested that it may be down to ransomware. "Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details," said Bischoff, adding that the shutdown could cause some business damage for Travelex.
"Travelex has so far handled the incident well due to its quick response time, and it is good to see personal and customer information does not appear to have been breached. Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust," said Iain Kothari-Johnson, financial services lead for Cyber Security at Fujitsu UK.
He continued: "'Break-glass incident response services', where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan."
Travelex has been progressive in terms of its adoption of IT, shifting elements of its IT infrastructure into the cloud with a migration to Workday five or so years ago, for example, and being an early adopted of serverless computing.
All Computing's coverage of the Travelex ransomware outbreak:
- Travelex refuses to comment on whether it paid ransom to get its data back
- Travelex claims it is 'making good progress' in recovery from Sodinokibi ransomware attack
- Travelex 'negotiating' with Sodinokibi ransomware group threatening to release or sell personal data
- ICO: Travelex hasn't reported a data breach
- Metropolitan Police called-in last week as Travelex FINALLY admits Sodinokibi ransomware attack
- Cyber criminals demand $3 million in ransom from Travelex after infecting its network with Sodinokibi ransomware
- Travelex ignored September warning over 'insecure' VPN server software
- Travelex takes down currency exchange website following New Year's Eve cyber attack
Websites trading in stolen debit and credit cards, as well as personal information, have gone dark following raids last week by the FSB
Working from home, staying secure: 14 Identity & Access Management tools to deal with the coronavirus fallout
With record numbers working remotely during the COVID-19 crisis, CIOs and CISOs must look at how to maintain identity and access securely across a dispersed network
Hillarys’ Head of ICT Julian Bond talks to Computing about how the UK-based manufacturer responded to the coronavirus crisis – culminating this week in the government-ordered lockdown
Half of all UK businesses hit by security breaches in the past 12 months, according to government Cyber Security Breaches Survey 2020
More businesses and charities than ever are being hit by cyber attacks, according to the latest survey – but organisation are also becoming more resilient
APT41 attacks carried out between January and March targeted unsecured Citrix NetScaler servers and Cisco routers