How a cyber attack by Sodinokibi ransomware hit travel money firm Travelex – and everything you need to know

Share this article

Foreign exchange giant Travelex is reportedly being held to ransom by cyber hackers.

The hackers struck on New Year's Eve forcing the London-headquartered firm - which has a presence in more than 70 countries, with more than 1,200 branches and 1,000 ATMs worldwide - to take down all its global websites.

(Photo: Shutterstock)

(Photo: Shutterstock)

Here's everything we know about the attack:

What do the hackers want?

A ransomware gang called "Sodinokibi" told the BBC it is behind the hack, and is demanding cash - thought to be about 6 million US dollars (£4.6 million) - from Travelex to give the firm access to its computer systems after they attacked the sites.

They are reportedly threatening to release 5GB of customers' personal data - including social security numbers, dates of birth and payment card information - into the public domain unless the company pays up.

(Photo: Shutterstock)

(Photo: Shutterstock)

The hackers - also known as "REvil" - told the BBC: "In the case of payment, we will delete and will not use that [data]base and restore them the entire network.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

Travelex says there is no evidence customer data has been compromised.

What is being done about the attack?

(Photo: Getty Images)

(Photo: Getty Images)

Travelex sites have now been offline for over a week, with the firm forced to provide foreign exchange services manually in its branches.

The group's sites carry a message to visitors that online services are down due to "planned maintenance".

"The system will be back online shortly," according to the message.

Officers from the Metropolitan Police are leading the investigation into the attack, but the Information Commissioner's Office (ICO) said it had not received a data breach report from Travelex.

An ICO spokeswoman told the BBC: "Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people's rights and freedoms.

"If an organisation decides that a breach doesn't need to be reported, they should keep their own record of it and be able to explain why it wasn't reported if necessary."

In a statement, the Metropolitan Police said: "On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing."

How does the hack affect me?

Travelex first revealed the New Year's Eve attack on January 2, when it sought to assure that no customer data had yet been compromised as a result of the breach.

It has drafted in teams of IT specialists and external cyber security experts in an attempt to isolate the virus and get affected systems back online, but has so far been unable to gain access and overthrow the hackers.

The hack came at a crucial time for the group, with its services in high demand over the Christmas holidays.

The attack also had a knock-on effect on online travel money services for its partners, such as Tesco Bank, Sainsbury's Bank, Virgin Money and First Direct, who also cannot sell currency online.

And now, the effect have spread to a number of High Street banks, who have stopped customers ordering foreign currency.

Lloyds, Barclays and Royal Bank of Scotland - who all get their foreign notes from Travelex - are affected while Travelex's computer system is down.

Can I still use Travelex's services?

Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.

"We apologise to all our customers for any inconvenience caused as a result," Travelex boss Tony D'Souza said in a statement.

"Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs.

"For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements."