Travelex continues to insist that no customer data was compromised in new video update from CEO

Customer-facing systems are being restored, says Travelex CEO Tony D'Souza, 18 days after the ransomware attack broke out

Travelex has reiterated its claim that it has found "no evidence" that customer data has been compromised in a video update delivered by its CEO, Tony D'Souza, on the company's website. However, the company remains ambiguous about whether it paid-off the attackers in order to restore access to its encrypted data.

"At all times we remained focused on protecting our customers' data and containing the virus. We engaged internationally renowned cyber experts to run forensic analysis who have not to date uncovered any evidence to suggest that any customer data has left the organisation," claimed D'Souza.

We are now making good progress towards recovery in a managed way, putting integrity and security at the heart of our plans

The update from the CEO comes 18 days into the ransomware attack that forced the company to take down its IT systems and to revert to manual processes.

The company took its website offline on New Year's Eve in response to the attack, which also prevented travellers from updating their foreign currency debit cards, stopped banks reliant on Travelex from providing foreign currency services, and took down the company's UK money transfer service.

"When we first discovered the virus, we took the tough decision to first isolate the parts of the business where it was initially found and then take down the rest of our systems.

"This enabled us to prevent its spread and minimise the damage. The majority of our business did, in fact, remain operational. We could - and did - continue to provide many of our customer services through our retail outlets, even though some of the central system necessary to provide online services, and manage our wholesale and outsourcing services were unavailable," said D'Souza.

We don't just want to get back to business as usual. We want to build a better, stronger business

He continued: "Our priority now is on restoring our systems so that our range of services is up and running. That means you can transact with us in the way that is most convenient to you... We are now making good progress towards recovery in a managed way, putting integrity and security at the heart of our plans.

"And also enhancing parts of our infrastructure in line with our technology strategy. We don't just want to get back to business as usual. We want to build a better, stronger business, which gives you full confidence in the integrity and resilience of our technology."

The on-camera apology and explanation today is the first appearance in more than two weeks by the CEO of the company. D'Souza did not disclose whether Travelex had paid the ransom, which was initially reported as $3 million, but later raised to $6 million. Furthermore, statements from the company in response to journalists' questions remain ambiguous.

In a statement to Computing earlier this week, the company said: "There is an ongoing investigation. We have taken advice from a number of experts and we are not going to discuss this."

The lack of a flat denial in response to questions over whether it paid the ransom demanded by the attackers has fuelled speculation that the company paid-up. Yet earlier this week in a previous update, the company warned customers that they could be targeted in phone and email scams.

Last week, the Information Commissioner's Office told Computing that Travelex hadn't reported a data breach within the 72 hours demanded under GDPR. In the update today, Travelex appears to have doubled (and tripled) down on this position.