Travelex takes down currency exchange website following New Year's Eve cyber attack

Travellers across the world have been affected by the alleged cyber attack on Travelex

Travellers across the world have been affected by the alleged cyber attack on Travelex

Travelex claims it took down its systems after identifying a virus, but refuses to provide more information

Travelex has taken down its currency exchange website following a cyber attack in the form of a virus identified on New Years Eve.

The foreign exchange giant claims that customer data has not been compromised as a result of the breach, but has not divulged more details. It has reverted to manual procedures in its branches as a result of the attack.

In particular, holiday makers that had been using Travelex Money Cards, topping up as they go, have been most affected.

The company said that it had drafted in specialist security teams to deal with the outbreak, while its IT staff had also been called-in to work over the holiday period.

Travelex CEO Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data. We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible."

As of 3pm on the afternoon of Friday 3rd January, the site remains down and customers have been scathing about the company's incident response handling.

"This incident plus your appalling incident management plans and customer service have ruined our trip. Too many unanswered emails and false promises," tweeted recruiter Matt Bartlett, stuck in Canada with no access to money.

Furthermore, the company hasn't provided much more detail about the nature of the attack, leaving industry experts to conjecture about its type and extent.

While Comparitech privacy advocate Paul Bischoff suggested that it might be a targeted attack, he also suggested that it may be down to ransomware. "Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details," said Bischoff, adding that the shutdown could cause some business damage for Travelex.

"Travelex has so far handled the incident well due to its quick response time, and it is good to see personal and customer information does not appear to have been breached. Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust," said Iain Kothari-Johnson, financial services lead for Cyber Security at Fujitsu UK.

He continued: "'Break-glass incident response services', where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan."

Travelex has been progressive in terms of its adoption of IT, shifting elements of its IT infrastructure into the cloud with a migration to Workday five or so years ago, for example, and being an early adopted of serverless computing. 

All Computing's coverage of the Travelex ransomware outbreak

More on Hacking

The average business ransom paid is now above $800,000

Majority of firms lack cyber insurance

Cost, lack of transparency and increasing software requirements are big challenges when it comes to finding an insurer

clock 12 August 2022 • 3 min read
NHS IT outage caused by ransomware attack

Hackers holding NHS IT to ransom

The attacker has made demands but Advanced has remained silent on its level of cooperation

clock 12 August 2022 • 2 min read
Cisco suffered cyber attack from hackers with links to Lapsus$ and Yanluowang gangs in May

Cisco suffered cyberattack by Lapsus$ and Yanluowang hackers

Only non-sensitive data was stolen, Cisco says

clock 11 August 2022 • 3 min read