Travelex UK Website Still Down After Cyberattack

The British website of foreign currency seller Travelex remains offline as of Friday 3 January, after being taken down following a cyber-attack on Monday 30 December (New Years Eve).

The good news is that an investigation has shown there is no indication the virus has compromised any personal or customer data.

But the fact that nearly a working week later and the website still remains offline following the attack, will be sure to annoy other foreign currency providers (such as Tesco Bank) that rely on Travelex.

Cyber attack

Travelex confirmed the cyber-attack in a statement on Twitter.

“Travelex confirms that a software virus was discovered on New Year’s Eve which has compromised some of its services,” it said. “As a precautionary measure in order to protect data and prevent the spread of the virus, we immediately took all our services offline. Our investigation to date shows no indication that any personal or customer data has been compromised.”

It said that its branches continues to provide services manually, and that it had deployed teams of IT specialists and external cyber security experts to “isolate the virus and restore affected systems.”

“We regret having to suspend some of our services in order to contain the virus and protect data,” Travelex chief executive Tony D’Souza was quoted by the BBC as saying.

“We apologize to all our customers for any inconvenience caused as a result and are doing all we can to restore our full services as soon as possible,” he added.

Travelex of course is global brand and is a major foreign currency exchanger that is said to have a presence in more than 70 countries and more than 1,200 branches and 1,000 ATMs worldwide.

It provides both online foreign currency exchange as well as over the counter (OTC) exchange services at various branches across the globe. This includes major airports and tourist destinations.

It is said to be process more than 5,000 currency transactions every hour.

Ransomware attack?

Security experts were quick to note the attack seemed to be limited to the firm’s website, as it was still able to process transactions manually.

“Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted,” said Javvad Malik, security awareness advocate at KnowBe4.

“The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality,” said Malik. “Websites are the face of a company and are subject to the most attacks. It is important for companies to conduct regular security checks such as penetration testing, as well as vulnerability scan and regular assurance checks against the processing to ensure all public-facing aspects are up to date and running as secure as possible.”

“Not only does such an attack bring services down, but depending on the vulnerability exploited and the duration for which it goes undetected, it can impact customers too,” he warned.

Meanwhile Paul Bischoff, privacy advocate at Comparitech.com noted that the attacked seemed to be designed to disrupt services, rather than steal data.

“Travelex has been tight-lipped about the details of the virus so far,” said Bischoff. “Given that no customer data was leaked, I suspect the attack was intended to disrupt services rather than covertly steal information.”

“Data breaches usually happen quietly unbeknownst to the victim,” Bischoff said. “Ransomware seems a likely culprit, but it’s difficult to say without more details. While customer info seems to be safe, that doesn’t mean their funds are.”

“A shutdown like this can cause a lot of financial damage as a result of lost business, as well as reputational damage that can lead to other businesses breaking ties and looking elsewhere for Forex services,” Bischoff concluded.

Do you know all about security? Try our quiz!