The Chief Executive Officer of Travelex has finally broken his silence concerning a ransomeware attack that forced the firm to suspend services across 30 countries.
Staff working for the foreign exchange company had to revert to using pen and paper when a cyber attack halted travel money sales at banks and supermarkets on New Year’s eve. Reportedly that hackers claiming responsibility for the attack demanded a payment of $6 million (£4.6 million) from the firm.
In a video message on the Travelex website, CEO Tony D’Souza said the IT system used by in-store staff was working again, although other systems remain offline.
In a scripted video that was uploaded to a backup Travelex website, Mr D’Souza said the company had taken its systems down after the cyber attack on New Year’s Eve.
However, while he said the system used by staff is now working, there was no word on when the firm’s main UK website would be returned to service.
That means customers are still unable to order currency online, either from Travelex itself or through the network of banks that use its services, including Barclays, Lloyds, RBS, and the finance websites of Sainsbury’s and Tesco.
Travelex had said little publicly since hackers held its systems to ransom by encrypting its digital files, reportedly demanding $6m (£4.6m) to unlock that data.
But Mr D’Souza said it was “not appropriate” to discuss details of the attack, adding that an investigation was ongoing. “To date, there is no evidence that any data has left the organisation,” he said.
But the hackers, a gang called Sodinokibi, have told the BBC they gained access to the company’s computer network six months ago and claim to have downloaded 5GB of sensitive customer data.
Dates of birth, credit card information and national insurance numbers are all in their possession, they said.
Travelex said it is working closely with the Metropolitan Police, which is leading the investigation into the attack.
Mr D’Souza said the the disruption had been “uncomfortable” for Travelex’s partners and he apologised to customers for the “inconvenience”.
He said the firm had been able to honour “the majority” of online orders placed by customers before 31 December, adding that only a “relatively small proportion” of its end customers used its website to order currency.
One of the interesting things about our retail business is just how much of it might be described as walk-in, … I’m not trying to diminish the disruption that some of our customers [have faced] …
Adding that Travelex had a “clear strategy” to restore the rest of its services, Mr D’ Souza said:
We have made good progress in our recovery and I’m pleased to say our first customer-facing systems are now successfully live,
Sources: Bloomberg, BBC News