Travelex: Fears for customers' personal information after hackers publish stolen data

Details from hack on different company posted online by Sodinokibi group that held Travelex to ransom

Ben Chapman
Monday 13 January 2020 23:29
Comments
Travelex said on Monday that it was beginning to restore its systems after being hit by a cyber attack on New Years Eve
Travelex said on Monday that it was beginning to restore its systems after being hit by a cyber attack on New Years Eve

Criminals who hacked into Travelex’s computer system have published stolen data believed to be from a different attack - leaving customers fearing for the safety of their own personal information.

It is thought to be the first time that hackers behind the Sodinokibi ransomware have released stolen files after a victim did not pay up in time.

The news will ramp up pressure on Travelex to secure its computer systems and bring an end to a crisis that has dragged on for two weeks.

The hackers holding the foreign exchange company to ransom began posting 337MB of customer data on Saturday which they claimed was stolen from a similar attack on American IT firm Artech Systems.

A post which appeared on a Russian hacking website on Saturday stated: “This is a small part of what we have.

“If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details."

Travelex said on Monday it was beginning to restore its systems after being hit by a cyber attack on New Years Eve that has seen customers unable to access their accounts and forced staff to write out transactions using paper and pen.

The company reiterated its stance that there is no evidence its customers’ data has been compromised and that the “majority” of services were up and running.

But experts warned it may not be immediately clear in the wake of a ransomware attack whether or not data has been compromised.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, warned customers of any company that has fallen victim to hackers to err on the side of caution.

“Working out what happened - and whether data was taken - in the aftermath of a ransomware incident is far from easy," he said.

“It’s a slow and painstaking process that can take several weeks."

He pointed to past cases in which companies that have been targeted claimed that no data was stolen, only for the data that was stolen to be subsequently published by hackers.

Mr Callow advised customers to act as if their data may have been breached and monitor their bank accounts and credit reports.

“If the password they used when accessing Travelex’s services was used on other websites, it should be immediately changed," he said.

“In fact, any reused passwords should be immediately changed - it’s a bad and insecure practice.”

He added: “Companies that have had data stolen have no good options available to them.

“Refusal to pay will probably result in the data being published whereas payment will get them a pinky promise that the data will not be published or monetised.

“As that pinky promise is made by criminals, it carries near-zero weight.”

Travelex has so far declined to say whether or not it has paid money to the Sodinokibi group, which is also known as REvil.

Travelex, which supplies foreign exchange services to the majority of Britain’s major high street banks, issued a statement on Sunday following complaints from customers about a lack of communication regarding the hack.

Chief executive Tony D’Souza said Travelex had made “good progress” on recovering the use of its technology.

He added: “We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”

The company said it would begin to restore customer-facing systems but some users reported on Monday that they still could not log into the app or see account balances.

While it has not found evidence of data theft, Travelex did warn customers to be wary of scammers.

The company said in a statement: "Based on the public attention this incident has received, individuals may try to take advantage of it and attempt some common e-mail or telephone schemes.

"Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone purporting to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on the local customer service number available on Travelex’s website."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in