top of page

UK Banks Foiled by Travelex Ransomware Attack

UK Banks Foiled by Travelex Ransomware Attack


The New Year's Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers.

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a "software virus" on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally.

The ransomware attack is not only causing misery for Travelex and its customers but has also spurned a brouhaha for British banks that rely on the travel money giant.

RBS, Sainsbury's Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident.

Requests for foreign currency are being handled in-branch by many of the banks affected.

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company's data.

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident.

"To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated," Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: "Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim."

With all the hullaballoo it seems that reporting the incident to the authorities may have slipped Travelex’s mind. Organizations are legally obliged to inform the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex. Source: Information Security Magazine

bottom of page