[BreachExchange] Travelex boss breaks silence 17 days after cyber attack

Destry Winant destry at riskbasedsecurity.com
Fri Jan 17 10:27:38 EST 2020


https://www.bbc.com/news/business-51152151

The boss of Travelex has broken his silence about a cyber attack that
forced its staff to use pen and paper and halted travel money sales at
some banks and supermarkets.

The firm has released a number of short statements since cyber
criminals held the firm to ransom on 31 December.

But in a video message on the firm's website, boss Tony D'Souza said
the IT system used by in-store staff was working again.

However, other systems remain offline.

In a scripted video that was uploaded to a backup Travelex website, Mr
D'Souza said the company had taken its systems down after the cyber
attack on New Year's Eve.

However, while he said the system used by staff is now working, there
was no word on when the firm's main UK website would be returned to
service.

That means customers are still unable to order currency online, either
from Travelex itself or through the network of banks that use its
services, including Barclays, Lloyds, RBS, and the finance websites of
Sainsbury's and Tesco.

Travelex had said little publicly since hackers held its systems to
ransom by encrypting its digital files, reportedly demanding $6m
(£4.6m) to unlock that data.

But Mr D'Souza said it was "not appropriate" to discuss details of the
attack, adding that an investigation was ongoing. "To date, there is
no evidence that any data has left the organisation," he said.

But the hackers, a gang called Sodinokibi, have told the BBC they
gained access to the company's computer network six months ago and
claim to have downloaded 5GB of sensitive customer data.

Dates of birth, credit card information and national insurance numbers
are all in their possession, they said.

Travelex said it is working closely with the Metropolitan Police,
which is leading the investigation into the attack.

Mr D'Souza said the the disruption had been "uncomfortable" for
Travelex's partners and he apologised to customers for the
"inconvenience".

He said the firm had been able to honour "the majority" of online
orders placed by customers before 31 December, adding that only a
"relatively small proportion" of its end customers used its website to
order currency.

"One of the interesting things about our retail business is just how
much of it might be described as walk-in," he said. However, he said:
"I'm not trying to diminish the disruption that some of our customers
had faced."

Mr D'Souza said Travelex had a "clear strategy" to restore the rest of
its services. "We have made good progress in our recovery and I'm
pleased to say our first customer-facing systems are now successfully
live," he said.


More information about the BreachExchange mailing list