Travelex crippled since New Year’s eve by ransomware attack

Register now

(Bloomberg) --Travelex Holdings Ltd., the London-based foreign exchange company, said it’s been successful in containing the spread of a cyber attack that forced the firm to suspend services across 30 countries.

It said in a statement on Wednesday that sensitive customer data appeared not to be compromised, and that it was now restoring internal systems.

“Whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted,” Travelex said in the statement. “There is still no evidence that any data has been exfiltrated.”

Shares in parent company Finablr PLC dropped 14% in early trading Wednesday. Investors also sold $75 million in shares via a placement that launched on Tuesday.

BBC News earlier reported that hackers claiming responsibility for the attack were demanding Travelex pay $6 million (4.6 million pounds). They told the news site they’d gained access to the firm’s computer network six months ago and had downloaded 5 gigabytes of sensitive customer data.

The impact of the attack has prevented some banks, such as HSBC, from being able to take travel money orders. A spokeswoman for HSBC in the U.K. said dollars and euros could still be bought at high-street branches, but that its “online and telephone banking travel money service remains unavailable.”

Travelex confirmed the discovery of a software virus on Jan. 2, and said in a statement on its website that IT specialists and cybersecurity experts are working to isolate the virus.

“Our investigation to date shows no indication that any personal or customer data has been compromised,” it said in a statement at the time. Travelex couldn’t immediately be reached for comment Tuesday.

Meanwhile, Travelex’s network of branches is continuing to provide foreign exchange services manually.

Travelex said in a statement Tuesday that it is in discussions with the National Crime Agency and the Metropolitan Police “who are conducting their own criminal investigations, as well as its regulators across the world.”

Ransomware attacks have become a major source of concern for companies and infrastructure in the U.K., the U.S. and elsewhere. Companies, like Norsk Hydro ASA in Norway, have lost millions after being halted for sometimes weeks to restore operations.

(Updates with Travelex statement in third paragraph, shares in fourth paragraph, HSBC comment in sixth)--With assistance from Nate Lanxon

Bloomberg News