Travelex ‘being held to ransom’ by New Year’s Eve cyber attackers

  • ITV News Business and Economics Editor Joel Hills explains the impact of the hack

Foreign exchange giant Travelex is reportedly being held to ransom by hackers who launched a cyber attack a week ago that forced the firm to take down all its global websites.

It is understood criminals are demanding cash – speculated to be some £2.3 million – from Travelex to give the firm access to its computer systems after they attacked the sites with the infamous Sodinokibi ransomware on December 31.

The exchange company is now dealing with police and the National Crime Agency to investigate the breach.

Hackers are reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless the company pays up.

A message on Travelex sites insist services are down for ‘planned maintenance’ Credit: Travelex

Travelex sites have now been offline for a week, with the firm forced to provide foreign exchange services manually in its branches.

The group’s sites carry a message to visitors that online services are down due to “planned maintenance”.

“The system will be back online shortly,” according to the message.

Travelex first revealed the New Year’s Eve attack on January 2, when it sought to assure that no customer data had yet been compromised as a result of the breach.

It has drafted in teams of IT specialists and external cyber security experts in an attempt to isolate the virus and get affected systems back online, but has so far been unable to gain access and overthrow the hackers.

The attack has had a knock-on effect on online travel money services for its partners. Credit: Tesco Bank/Sainsbury's Bank/First Direct

But it has also been reported that Travelex was recently warned over vulnerabilities in its virtual private networking (VPN) servers.

It comes at a crucial time for the group, with its services in high demand last week over the Christmas holidays.

The attack has also had a knock-on effect on online travel money services for its partners, such as Tesco Bank, Sainsbury’s Bank, Virgin Money and First Direct.

On Tuesday evening, Tony D’Souza, Chief Executive of Travelex, said: "Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise.

"We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused.

"Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online."

London-headquartered Travelex has a presence in more than 70 countries and more than 1,200 branches and 1,000 ATMs worldwide.

It processes more than 5,000 currency transactions every hour.

The group – founded in 1976 – is owned by global payments platform Finablr, which is listed on the London stock exchange but based in the United Arab Emirates.

Travelex declined to comment.