Travelex 'making progress' after cyberattack
Written by Hannah McGrath
Travelex, a foreign exchange service hit by a ransomware attack, has said it is making good progress on containing the virus and has begun the process of refunding customers while it remains offline.
The company took its website down two weeks ago after a hacking group compromised systems and demanded a reported £4.6 million ransom with a threat to release personal customer data including social security numbers, dates of birth and card information.
Travelex confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil.
In a statement on a temporary website, the company said its online travel money service remains unavailable but sought to reassure customers that an internal investigation has shown that customer data has not been compromised by the attack.
The company said it was in "ongoing communication with partners about the resumption of services" and said it was preparing to issue a "recovery roadmap" this week.
Chief executive Tony D'Souza said: "We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”
The statement posted this morning saidL " the company continues to make good progress with its technology recovery. Having already restored some of its internal and order processing systems, the company is now starting to restore customer-facing systems, beginning with the in-store systems that process customer orders electronically."
Travelex is in discussions with the National Crime Agency (NCA) and the Metropolitan Police who are conducting their own criminal investigations, as well as regulators across the world.
Major customers of Travelex have also experienced issues accessing foreign exchange services, including Barclays, HSBC, and the financial divisions of Sainsburys and Tesco.
D'Souza said "We continue to make good progress with our recovery and have already completed a considerable amount in the background. We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.
He added: “I would like to thank all our partners and customers for their patience and understanding while we work through the technical, commercial, legal, regulatory, law enforcement, and other complexities of a global organisation that has experienced an attack. I also want to thank our 9,000 colleagues around the world who have worked tirelessly, during what has been a very testing time, to support our customers."