Hackers are holding Travelex to ransom after a cyberattack forced the foreign currency provider to shut down its systems and resort to using pen and paper in its branches.
On New Year’s Eve, hackers launched their attack on Travelex.
The BBC reported that a cyber gang called Sodinokibi (also known as REvil) contacted the news organisation to claim responsibility for the attack. The hackers are said to be demanding as much as $6 million (£4.6 million) to prevent them from releasing customer information, including dates of birth and credit card information.
The breach was not reported within 72 hours
The Information Commissioners Office (ICO) said it has not received a data breach report from Travelex.
For failing to comply with the ICO, they may be opening themselves up to fines up to 4% of their global turnover.
Travelex says that it is working with the police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.
Early investigations suggested that no personal or customer data has been compromised. However individuals claiming to be affiliated with the group have said that personal information could be released online if the ransom isn’t paid.
Travelex took down its websites
In an attempt to stop the virus from spreading the company took all of its websites offline. The websites have been down since New Year’s Eve.
Chief-executive Tony D’Souza said “We regret having to suspend some of our services in order to contain the virus and protect data”.
Knock-on effect
Third parties which work with Travelex to provide foreign currency purchases are also currently unavailable.
To discuss your digital exposure and see whether your company could benefit from cyber insurance, please call us on 01527 874092. We can run a free cyber risk assessment that will give you some insight into the types of risks you are exposed to.