Travelex – Fallout from Cyber Attack Still Having an Effect
January 14th, 2020 by Kris Price
On New Year’s Eve 2019, the foreign currency specialist Travelex was compromised by a targeted cyber-attack. This led to the company taking the drastic but necessary step of taking its systems offline to prevent the spread of the malware.
Initial reports on social media stated that the company had to carry out “planned maintenance” on key systems, before the truth of what had happened emerged. The company has since said that it believes no customer data has been compromised following the attack.
The implications of the attack have been felt globally: Travelex was forced to take all its global websites offline. The infamous ransomware gang behind the attack is Sodinokibi, and reports as of 13th January state that Travelex is only now able to start bringing systems back online, two weeks after the initial attack.
Despite Travelex’s claims that no customer data has been compromised, the cyber criminals are apparently demanding a ransom of $6 million for 5GB of stolen customer data. This information includes Social Security numbers, dates of birth and payment information. Any company that suffers a data breach in which customer information may have been compromised must inform the Information Commissioner within 72 hours of becoming aware of the breach. Travelex decided not to inform the IC as it believed no data was compromised; however, the company could face a fine of 4% of its global revenues if customer data has been accessed illegally.
On Monday 13th January, Tony D’Souza, chief executive of Travelex, is quoted as saying: “We continue to make good progress with our recovery and have already completed a considerable amount in the background. We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week. We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”
The attack will clearly have an impact on Travelex’s reputation and, probably more importantly, its revenue! Travelex provides services for some of the world’s largest banking corporations, including HSBC, Lloyds, Barclays and RBS.
What can be learnt from this attack?
Firstly, prevention is better than cure! Even if you have the best cyber security tools money can buy, there is one key area you can never fully protect against – human error. Email is a commonly used method of distributing malware, and it only takes one unwitting user to open an infected attachment to compromise your network. Educating your users about the spread of malware and not opening emails from untrusted sources is an absolute necessity.
Secondly, make sure you have a good backup in place, and that you have tested it! If your security is breached and malware has encrypted your data, a good, reliable backup means you can restore it rather than pay. A backup recovers encrypted files; it does nothing about data that has already been copied out, such as the 5GB the Travelex attackers claim to hold.
So often, the best form of defence against malware is a reliable and correctly configured backup solution. Whilst you lose any data created between your last recovery point and the time of the infection, that is often preferable to the alternatives (like a $6 million ransom).
BrightCloud Backup provides a reliable, market-leading data backup solution for all types of company data. A new feature in the backup software scans all files at the point of backup to check whether they are infected with malware. Infected files are quarantined so that they are not recovered on to your production environment, protecting you from the ransomware ‘Attack-Loop’. The scanning also works in the other direction, so if your backup repositories already contain infected files, the software will prevent them from being recovered.
Contact us today for a free ransomware protection consultation and avoid the same fate as Travelex.