Travelex claims it took down its systems after identifying a virus, but refuses to provide more information
Travelex has taken down its currency exchange website following a cyber attack in the form of a virus identified on New Years Eve.
The foreign exchange giant claims that customer data has not been compromised as a result of the breach, but has not divulged more details. It has reverted to manual procedures in its branches as a result of the attack.
In particular, holiday makers that had been using Travelex Money Cards, topping up as they go, have been most affected.
The company said that it had drafted in specialist security teams to deal with the outbreak, while its IT staff had also been called-in to work over the holiday period.
Travelex CEO Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data. We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible."
As of 3pm on the afternoon of Friday 3rd January, the site remains down and customers have been scathing about the company's incident response handling.
"This incident plus your appalling incident management plans and customer service have ruined our trip. Too many unanswered emails and false promises," tweeted recruiter Matt Bartlett, stuck in Canada with no access to money.
Furthermore, the company hasn't provided much more detail about the nature of the attack, leaving industry experts to conjecture about its type and extent.
While Comparitech privacy advocate Paul Bischoff suggested that it might be a targeted attack, he also suggested that it may be down to ransomware. "Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details," said Bischoff, adding that the shutdown could cause some business damage for Travelex.
"Travelex has so far handled the incident well due to its quick response time, and it is good to see personal and customer information does not appear to have been breached. Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust," said Iain Kothari-Johnson, financial services lead for Cyber Security at Fujitsu UK.
He continued: "'Break-glass incident response services', where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan."
Travelex has been progressive in terms of its adoption of IT, shifting elements of its IT infrastructure into the cloud with a migration to Workday five or so years ago, for example, and being an early adopted of serverless computing.
All Computing's coverage of the Travelex ransomware outbreak:
- Travelex refuses to comment on whether it paid ransom to get its data back
- Travelex claims it is 'making good progress' in recovery from Sodinokibi ransomware attack
- Travelex 'negotiating' with Sodinokibi ransomware group threatening to release or sell personal data
- ICO: Travelex hasn't reported a data breach
- Metropolitan Police called-in last week as Travelex FINALLY admits Sodinokibi ransomware attack
- Cyber criminals demand $3 million in ransom from Travelex after infecting its network with Sodinokibi ransomware
- Travelex ignored September warning over 'insecure' VPN server software
- Travelex takes down currency exchange website following New Year's Eve cyber attack