Travelex was struck by hackers on New Year’s Eve. This resulted in them needing to take down their websites across 30 countries to help reduce the effect of the virus and “protect data”.
The hacker group known as Sodinokibi or REvil has taken credit for this attack and has told the BBC that they want Travelex to pay up to £4.6 million for them to return the stolen data. They claimed to have started burrowing into Travelex’s computer network around 6 months ago and have downloaded over 5GB of sensitive customer data. The data they have allegedly taken is said to include customers’ dates of birth, credit card details and national insurance numbers.
A quote from the hacker group states: “In the case of payment, we will delete and will not use that database and restore the entire network. The deadline for doubling the payment is two days. Then another seven days and then the sale of the entire database.”
Travelex have been reluctant to reply to customer queries or complaints about the issue yet and their response to the public has been described as “shockingly bad” by security researcher Kevin Beaumont. “The Travelex UK website still only says ‘planned maintenance’, a week after the problems began – many customers will be completely unaware hackers gained access to their network, and allegedly their personal data,” he continued. “Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation.”
Not everything is known about the extent of the breach at this moment.
If you are unsure about any aspect of your IT security get in touch.
Photo by Patrick Donnelly on Unsplash