The numbers that usually glow with exchange rates on Travelex boards in airports worldwide have gone dark, after the London-based currency exchange company was forced to go offline after it discovered a ransomware attack on December 31.
The disruption has also affected banks like Barclays, Royal Bank of Scotland and HSBC, which have been unable to fulfill foreign currency orders for their customers.
Travelex said it had contained the threat and had no evidence that customer data had been removed. It has been offering only over-the-counter services since New Year’s Eve, when it discovered that it had been compromised by ransomware known as Sodinokibi, or REvil.
The hackers told the BBC on Wednesday that they had downloaded 5 gigabytes of sensitive customer data since gaining access to Travelex six months ago and intended to sell it if there was no response by January 14. They have demanded $6 million for the data’s return.
Travelex, which has more than 1,200 stores, kiosks and counters in at least 70 countries, said in an online statement that it did not have a “complete picture” of what had happened to its data. The company declined to provide details on how many customers had been affected, what data was at risk or when it expected the problem to be resolved.
“We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data,” Tony D’Souza, the Travelex chief executive, said in the statement. Travelex is still changing money, but must do the calculations by hand, based on rates issued each morning from its headquarters. At a London branch of Travelex on Thursday, its ATMs permitted withdrawals only in pounds and the screens that usually show the exchange rates offered for each currency were blank.
The episode raised questions about how many more parts of the financial system could be at risk, said Bob Sullivan, a cybersecurity expert. “A big payment company that has tentacles into hundreds of institutions: It’s a reminder of how fragile these systems are,”he said.
Source: timesofindia.indiatimes.com