Foreign exchange company, Travelex, has been without IT systems since New Year’s Eve following a cyber attack. Here’s everything you need to know about the Travelex Ransomware Attack…

Providing FX transactions to banks in 30 countries, Travelex has been unable to operate since the attack.

What’s the latest?

The Travelex Ransomware Attack has since been confirmed, and because all of Travelex’s data has been encrypted, staff have reportedly resorted to using pen & paper.

The group behind the Sodinokibi ransomware attack has claimed that 5GB of sensitive customer data has been stolen. This allegedly includes customer dates of birth, credit card information, and national insurance numbers.

On top of this, a ransom of £4.6m has been demanded, with the ransom expected to double within 48 hours.

“It is just business. We absolutely do not care about you or your details, except getting benefits. If we do not do our work and liabilities – nobody will not co-operate with us. It is not in our interests…

…If you do not cooperate with our service – for us it does not matter. But you will lose your time and your data, cause just we have the private key. In practice time is much more valuable than money.” [Sic]

Hackers’ statement [Computer Weekly]

Travelex has so far failed to report the incident to the Information Commissioner’s Office (ICO), claiming that there is currently no proof of any data breach.

In fact, the Travelex website, which has been down for over a week now, reads ‘Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system will be back online shortly.’

How much will the ransomware attack cost?

This is a live incident, with Travelex still unable to access its data, and the cost will increase with each minute that goes by.

What is certain is that the cost of this data breach (excluding any costs incurred if Travelex chooses to pay the ransom) will reach into the millions of pounds. IBM reported in late 2019 that the average total cost of a breach now stands at £3.03m.

The true cost of this ransomware attack will depend on multiple factors; whether Travelex is handed a GDPR fine, how long the downtime continues for, and whether the ransom is paid.

There is also the hidden cost of loss of business – banks and organisations may choose to work with a competitor if Travelex is found culpable of neglect.

Could the Travelex Ransomware Attack have been prevented?

Early signs are that patches in a VPN service may not have been applied, creating an exploit for hackers.

Businesses use VPNs (virtual private networks) to communicate confidential data securely. It’s an extra line of defence, ensuring private information remains private, and prevents outside access to data communications.

However, the particular VPN service used by Travelex (and many others) published a patch in April 2019 to fix a bug that allowed covert access to the private network.

Kevin Beaumont, of cyber security firm Bad Packets, claimed to have warned Travelex of their unpatched VPN servers as recently as September 2019.

London Metropolitan Police are now investigating the incident, so we’re likely to find out the exact cause in the fullness of time.

Unsure where to start with your cyber security? Download your free Cyber Security Rating Report. It only takes 3 minutes to fill out and delivers a bespoke range of recommendations to help secure your business.

If you have any further questions, you can contact us on 01283 753 333 or
via email at