Foreign exchange giant Travelex is reportedly being held to ransom by hackers who launched a cyber attack a week ago that forced the firm to take down all its global websites.
It is understood criminals are demanding cash – speculated to be some 3 million US dollars (£2.3 million) – from Travelex to give the firm access to its computer systems after they attacked the sites with the infamous Sodinokibi ransomware on December 31.
They are reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless the company pays up.
Travelex sites have now been offline for a week, with the firm forced to provide foreign exchange services manually in its branches.
The group’s sites carry a message to visitors that online services are down due to “planned maintenance”.
“The system will be back online shortly,” according to the message.
Travelex first revealed the New Year’s Eve attack on January 2, when it sought to assure that no customer data had yet been compromised as a result of the breach.
It has drafted in teams of IT specialists and external cyber security experts in an attempt to isolate the virus and get affected systems back online, but has so far been unable to gain access and overthrow the hackers.
The Metropolitan Police are leading the investigation into the attack.
But it has also reportedly emerged that Travelex was recently warned over vulnerabilities in its virtual private networking (VPN) servers.
It comes at a crucial time for the group, with its services in high demand last week over the Christmas holidays.
The attack has also had a knock-on effect on online travel money services for its partners, such as Tesco Bank, Sainsbury’s Bank, Virgin Money and First Direct.
London-headquartered Travelex has a presence in more than 70 countries and more than 1,200 branches and 1,000 ATMs worldwide.
It processes more than 5,000 currency transactions every hour.
The group – founded in 1976 – is owned by global payments platform Finablr, which is listed on the London stock exchange but based in the United Arab Emirates.
Travelex declined to comment.