Travelex being held to ransom by hackers

Hackers are holding foreign exchange company Travelex to ransom after a cyber-attack forced the firm to turn off all computer systems and resort to using pen and paper.

On New Year's Eve, hackers launched their attack on the Travelex network. As a result, the company took down its websites across 30 countries to contain "the virus and protect data".

A ransomware gang called Sodinokibi has told TheIndianSubcontinent it is behind the hack and wants Travelex to pay $6m (£4.6m).

The gang, also known as REvil, claims to have gained access to the company's computer network six months ago and to have downloaded 5GB of sensitive customer data. Dates of birth, credit card information and national insurance numbers are all in their possession, they say.

The hackers said: "In the case of payment, we will delete and will not use that [data]base and restore them the entire network.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

Police probe

The Information Commissioner's Office (ICO) said it had not received a data breach report from Travelex.

A spokeswoman added: "Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people's rights and freedoms.

"If an organisation decides that a breach doesn't need to be reported, they should keep their own record of it and be able to explain why it wasn't reported if necessary."

Under General Data Protection Regulation, a company that fails to comply can face a maximum fine of 4% of its global turnover.

The Metropolitan Police is leading the investigation into the attack.

In a statement, the force said: "On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing."

Travelex says it is working with police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.

'Shockingly bad'

According to Fabian Wosar, a ransomware expert at cyber security company Emsisoft, the attack has all the hallmarks of the REvil gang.

"With what we know about the incident and the hackers' mode of operation in the past paints a consistent picture, which leads me to believe that REvil indeed hit Travelex," he said.

"The REvil/Sodinokibi group has been a quite sophisticated group for a long time now. The quoted ransom demands are consistent for the gang's victims of Travelex's size.

"Stealing data essentially gives threat actors additional bargaining chips when it comes to dealing with companies unwilling to pay the ransom.
The idea is to weaponise the hefty fines associated with GDPR violations to pressure the company into paying."

The recovery operation is being co-ordinated from a Travelex office in the UK and the company insists that no customer data has been leaked. But it would not say what data could potentially be at risk.

Travelex websites across Europe, Asia and the US have been offline since 31 December, with a message to visitors that they are down for "planned maintenance".

[Image caption: Visitors to the Travelex website are told that the site is down for "planned maintenance".]

Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.

"The public response from Travelex has been shockingly bad," said security researcher Kevin Beaumont.

"The Travelex UK website still only says 'planned maintenance', a week after the problems began - many customers will be completely unaware hackers gained access to their network, and allegedly their personal data," he said.

"Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation."

Travelex's decision to take down its site has meant the large network of other firms that use its services cannot sell currency online. The company has said it is keeping its partners up to date on the response to the cyber-attack.

Virgin Money's site showed an error message, which said: "Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system will be back online shortly."

Sainsbury's Bank also said its online travel money services were unavailable, although it said customers could still buy travel money in its stores.

In a statement to TheIndianSubcontinent, the bank said: "We're in close contact with Travelex so that we can resume our online service as soon as possible."

[Image caption: Sainsbury's Bank's website said it was not able to take money orders online.]

A spokesperson for First Direct, which is owned by HSBC, said: "Unfortunately, our online travel money service is currently unavailable due to a service issue with third party service provider, Travelex."

In a statement on Thursday, Travelex boss Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data."

The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

"We apologise to all our customers for any inconvenience caused as a result," Mr D'Souza said in the statement.

The company has since told TheIndianSubcontinent that its systems are currently down and it is unable to sell or reload its pre-paid travel cards.

But, it said: "Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs."

"For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements."