The cyber hacking saga at Travelex continues as media reports now suggest the international foreign currency dealer has fallen prey to a ransomware attack with a group called Sodinokibi claiming responsibility for the incident and demanding a US$6 million payment to restore systems.
Since the initial incident on New Year’s Eve, Travelex has been forced to take down its websites across 30 countries to try to contain the virus and protect data. In the meantime, the company has been resorting to undertaking transactions manually.
The hacking cell, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data. Dates of birth, credit card information and national insurance numbers are all in their possession, the group claims.
Rebuffing this claim, Travelex in a press statement issued on January 7, said “…the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.”
It is not clear whether Travelex is considering paying any amount of ransom in order to gain back control of its data and systems. Security experts typically advise that victims not pay ransoms to threat actors, though in a post-General Data Protection Regulation (GDPR) world, where companies run the risk of a fine amounting to up to 4% of global annual turnover for cyber security posture violations, it is a less clear-cut discussion.
With annual turnover amounting to approximately US$1 billion, Travelex could be on the hook for as much as US$40 million, were regulators to find that customer data had been compromised as a result of this hack, and that Travelex could have done more to prevent it.
0 comments ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment