Travelex Site Still Down After New Year’s Eve Attack
The websites of a major global currency exchange business are still down after a “software virus” struck the firm on New Year’s Eve last week.
London-headquartered Travelex, which describes itself as “the world's leading foreign exchange specialist,” operates online around the world and in airports, as well as supporting travel money services for several high street lenders in the UK.
A statement on its main UK website written in English, French, Japanese, German, Dutch, Italian and Czech claims that “planned maintenance” is the cause of the “temporary” outage and that it will be back online soon.
However, a notice posted to Twitter and the firm’s dot-com site reveals a different story — that a “software virus” discovered last Tuesday has “compromised some of its services.”
“As a precautionary measure in order to protect data and prevent the spread of the virus, we immediately took all our systems offline. Our investigation to date shows no indication that any personal or customer data has been compromised,” it explained.
“We have deployed teams of IT specialists and external cybersecurity experts who have been working continuously since New Year’s Eve to isolate the virus and restore affected systems.”
The firm’s bricks-and-mortar branches are still working as normal, Travelex added, but reports suggest that both the app and its services to UK banks are impacted.
Some experts suggested ransomware as a likely cause of the incident, with the firm praised for its speedy response.
“Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust,” argued Iain Kothari-Johnson, financial services Lead for cybersecurity at Fujitsu UK.
“Break-glass incident response services, where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan.”
Source: Information Security Magazine