Hackers demand '$3 million ransom' from Travelex

7 January 2020, 14:33

Travelex has reportedly been targeted by a ransomware attack
Travelex has reportedly been targeted by a ransomware attack. Picture: PA
Nick Hardinges

By Nick Hardinges

Foreign exchange company Travelex has been held to ransom by hackers, forcing staff to use pen and paper to record transactions.

Police are investigating the ransomware attack that forced the company to take all its sites offline after being hit by a software virus on New Year’s Eve.

Rumours suggest the hackers are demanding $3 million from the firm after copying "more than 5GB of users' personal data."

Travelex staff, who process 5,000 currency transactions every hour, have been forced to handle all exchange services manually.

The attack came as many holidaymakers were abroad for the festive period.

Ransomware attacks are when hackers take control of an individual's or an organisation's computer systems and block access until either a payment or other exchange has been completed.

It is believed the hackers have demanded money from Travelex in order for it to regain access to its systems.

The hackers have allegedly set a deadline for payment.

A planned maintenance message on the company's website
A planned maintenance message on the company's website. Picture: Travelex

Initial investigations by the firm found that no personal or customer data had been breached.

However, the Metropolitan Police's Cyber Crime Team are now making enquiries "with regards to a reported ransomware attack."

In a statement, the force said: "On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange.

"Enquiries into the circumstances are ongoing."

The company are working with police and has set up a team of IT specialists and external cyber security experts to help with the investigation.

Following the attack, the chief executive of Travelex, Tony D’Souza, said: “We regret having to suspend some of our services in order to contain the virus and protect data.

“We apologise to all our customers for any inconvenience caused as a result.We are doing all we can to restore our full services as soon as possible.”

The decision to take the site down has affected other services that use Travelex, including Tesco Bank.

Twitter users have complained to Tesco Bank about the issue.

Tesco Bank replied to one customer: "We're unable to help with Travel Money queries here as our Travel Money is administered and managed by Travelex.

"In the meantime, you can still visit one of our in-store bureaux to collect or purchase your currency. Sorry for any inconvenience."

The cyber attack comes almost two years after Travelex was involved in another IT crisis, when it mistakenly leaked customer data from thousands of Tesco Bank accounts.

The group shared the database by mistake in March 2018, exposing the details of 17,000 people, including full names, emails, phone numbers, IP addresses and the final digits of bank cards.