Travelex starting to turn in-store systems back on after cyber attack

Currency exchange business Travelex has insisted it is making “good progress” on recovering after a ransomware virus on New Year’s Eve led to its systems being shut down.

Bosses said some internal and order processing systems were returning and the company is starting to switch on in-store systems again.

Tony D’Souza, chief executive of Travelex said: “We continue to make good progress with our recovery and have already completed a considerable amount in the background.

“We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”

• Barclays

• Clydesdale Bank

• First Direct

• Halifax

• HBOS

• HSBC

• H&T Pawnbrokers

• Lloyds

• Natwest

• The Royal Bank of Scotland

• Sainsbury’s Bank

• Tesco Bank

• Virgin Money

• Yorkshire Bank

He added: “We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”

Mr D’Souza’s business provides currency exchange services to several high street banks, with HSBC, Lloyds, Barclays and RBS all suspending their online exchanges, which rely on Travelex.

Privately, some suppliers have been critical of the way Mr D’Souza and his team have handled the fallout, with complaints at the lack of details.

But Travelex insisted it will “continue to communicate” with partners about the resumption of services and “provide a road map setting out the next steps in its recovery.”

Travelex said it will start restoring customer-facing systems, beginning with those which enable the company to process orders electronically within its own stores and banking partners.

It added: “This follows the restoration of many of the internal capabilities necessary to support partner and customer services, which has been in progress since the beginning of last week.”

Travelex was forced to take all its global websites offline and is reportedly being held to ransom by the infamous ransomware gang called Sodinokibi, also known as REvil.

It is understood the criminals are demanding cash – speculated to be some six million US dollars (£4.6 million) – and is reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless Travelex pays up.

Travelex insists that no customer data has been breached and is in communication with the National Cyber Security Centre (NCSC) and the Metropolitan Police.

The company decided against formally informing the Information Commissioner when the virus was first detected, and continues to insist no data has been breached, however, it has been in informal communications.

All companies that sees customer information breached must inform the Information Commissioner within 72 hours or risk a fine up to 4% of global revenues.