This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.bbc.co.uk/news/business-51017852

The article has changed 7 times. There is an RSS feed of changes available.

Version 2 Version 3
Travelex being held to ransom by hackers Travelex being held to ransom by hackers
(about 3 hours later)
Hackers are holding foreign exchange company Travelex to ransom after a cyber-attack forced the firm to turn off all computer systems and resort to using pen and paper across its thousands of sites. Hackers are holding foreign exchange company Travelex to ransom after a cyber-attack forced the firm to turn off all computer systems and resort to using pen and paper.
On New Year's Eve, hackers launched their attack on the Travelex network.On New Year's Eve, hackers launched their attack on the Travelex network.
As a result, the company took down its websites across 30 countries to contain "the virus and protect data".As a result, the company took down its websites across 30 countries to contain "the virus and protect data".
The hackers are demanding a ransom to give the firm access to its systems. A ransomware gang called Sodinokibi has told the BBC it is behind the hack and wants Travelex to pay $6m (£4.6m).
They have demanded payment in exchange for either restoration of IT systems or the preservation of customer data. The gang, also known as REvil, claims to have gained access to the company's computer network six months ago and to have downloaded 5GB of sensitive customer data.
It is understood that a deadline for payment has been set by the cyber-criminals. Dates of birth, credit card information and social security numbers are all in their possession, they say.
The hackers said: "In the case of payment, we will delete and will not use that [data]base and restore them the entire network.
"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."
Police probe
The Information Commissioner's Office (ICO) said it had not received a data breach report from Travelex.
A spokeswoman added: "Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people's rights and freedoms.
"If an organisation decides that a breach doesn't need to be reported, they should keep their own record of it and be able to explain why it wasn't reported if necessary."
Under General Data Protection Regulation, a company that fails to comply can face a maximum fine of 4% of its global turnover.
The Metropolitan Police is leading the investigation into the attack.The Metropolitan Police is leading the investigation into the attack.
In a statement, the force said: "On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing." In a statement, the force said: "On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing."
Travelex says it is working with police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.Travelex says it is working with police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.
'Shockingly bad''Shockingly bad'
According to Fabian Wosar, a ransomware expert at cyber security company Emsisoft, the attack has all the hallmarks of the REvil gang.
"With what we know about the incident and the hackers' mode of operation in the past paints a consistent picture, which leads me to believe that REvil indeed hit Travelex," he said.
"The REvil/Sodinokibi group has been a quite sophisticated group for a long time now. The quoted ransom demands are consistent for the gang's victims of Travelex's size.
"Stealing data essentially gives threat actors additional bargaining chips when it comes to dealing with companies unwilling to pay the ransom. The idea is to weaponise the hefty fines associated with GDPR violations to pressure the company into paying."
The recovery operation is being co-ordinated from a Travelex office in the UK and the company insists that no customer data has been leaked.The recovery operation is being co-ordinated from a Travelex office in the UK and the company insists that no customer data has been leaked.
But it would not say what data could potentially be at risk.But it would not say what data could potentially be at risk.
The Travelex websites across Europe, Asia and the US have been offline since 31 December with a message to visitors that it is down due to "planned maintenance". Travelex websites across Europe, Asia and the US have been offline since 31 December, with a message to visitors that they are down for "planned maintenance".
Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.
"The public response from Travelex has been shockingly bad," said security researcher Kevin Beaumont."The public response from Travelex has been shockingly bad," said security researcher Kevin Beaumont.
"The Travelex UK website still only says 'planned maintenance', a week after the problems began - many customers will be completely unaware hackers gained access to their network, and allegedly their personal data," he said."The Travelex UK website still only says 'planned maintenance', a week after the problems began - many customers will be completely unaware hackers gained access to their network, and allegedly their personal data," he said.
"Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation.""Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation."
Travelex's decision to take down its site has meant the large network of other firms that use its services cannot sell currency online.Travelex's decision to take down its site has meant the large network of other firms that use its services cannot sell currency online.
The company has said it is keeping its partners up to date on the response to the cyber-attack.The company has said it is keeping its partners up to date on the response to the cyber-attack.
Virgin Money's site showed an error message, which said: "Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system will be back online shortly."Virgin Money's site showed an error message, which said: "Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system will be back online shortly."
Sainsbury's Bank also said its online travel money services were unavailable, although it said customers could still buy travel money in its stores. In a statement to the BBC, the bank said: "We're in close contact with Travelex so that we can resume our online service as soon as possible."Sainsbury's Bank also said its online travel money services were unavailable, although it said customers could still buy travel money in its stores. In a statement to the BBC, the bank said: "We're in close contact with Travelex so that we can resume our online service as soon as possible."
A spokesperson for First Direct, which is owned by HSBC, said: "Unfortunately, our online travel money service is currently unavailable due to a service issue with third party service provider, Travelex."A spokesperson for First Direct, which is owned by HSBC, said: "Unfortunately, our online travel money service is currently unavailable due to a service issue with third party service provider, Travelex."
In a statement on Thursday, Travelex boss Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data."In a statement on Thursday, Travelex boss Tony D'Souza said: "We regret having to suspend some of our services in order to contain the virus and protect data."
The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.
"We apologise to all our customers for any inconvenience caused as a result," Mr D'Souza said in the statement."We apologise to all our customers for any inconvenience caused as a result," Mr D'Souza said in the statement.
The company has since told the BBC that its systems are currently down and it is unable to sell or reload its pre-paid travel cards. But, it said: "Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs."The company has since told the BBC that its systems are currently down and it is unable to sell or reload its pre-paid travel cards. But, it said: "Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs."
"For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements.""For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements."
Have you been affected by the cyber-attack on Travelex? Share your experiences by emailing haveyoursay@bbc.co.uk.Have you been affected by the cyber-attack on Travelex? Share your experiences by emailing haveyoursay@bbc.co.uk.
Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:
Or use the form belowOr use the form below