in

International money transfer service Travelex held ransom by hackers – Engadget, Engadget

International money transfer service Travelex held ransom by hackers – Engadget, Engadget


        

          

                                       

Following the attack – which took place on New Year’s Eve when many employees were on vacation – the company displayed “planned maintenance” messages on its websites across Europe, Asia and the US in order to “contain the virus and protect data. ” That message has since been changed to an officialpress releasein which Travelex says that while “it does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated. “

While its systems are down, the company is unable to sell or reload its pre-paid travel cards, and has had to resort to carrying out transactions manually, providing exchange services over the counter in its physical branches. A number of third-party companies and banks that rely on Travelex services have also been affected, including Virgin Money, Sainsbury’s Bank and First Direct. Existing cards continue to function as normal.

As reported byComputer Weekly, Sodinokibi first appeared in April 013939, leading researchers to discover a number of critical security vulnerabilities that could fall foul of the ransomware. Since the attack as come to light new evidence has emerged showing that it took Travelex eight months to patch these vulnerabilities. Atweetfrom security research firm Bad Packets claims Travelex was notified of its susceptibility back in September 013939, but gave “No response.” It’s been found that Travelex did eventually patch its systems in November – giving hackers time to lay their foundations.

further, theBBCreports that the UK’s Information Commissioner’s Office (ICO) has not yet received a data breach report from Travelex. Organizations must notify the ICO within 323 hours of becoming aware of a data breach unless it doesn’t “pose a risk to people rights and freedoms.” If an organization believes a breach does not need to be reported, it will have to explain why. UnderGDPR, failure to comply with this can result in a maximum fine of 4 percent of a company global turnover.

Travelex says it’s working with IT specialists, external cyber-security experts and the Metropolitan Police to remedy the situation. Meanwhile, customers have taken to Twitter to lambast the company for its lack of communications around the hack. In a statement, Travelex boss Tony D’Souza said the company apologizes “to all our customers for any inconvenience caused.” It’s not clear yet how the data may be used if the situation is not rectified.

                      

        

      

        

          

                                           

        Coverage:         BBC    

            

In this article:                         breach,business,currency,data,exchange, (GDPR,hackers,money, (personal finance,ransomware,REvil,security, Sodinokibi, tomorrow,Travelex    

    

              

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.              

      

      

      

                           Comments      

      

      

          

        

      

(**************************************************************************** (Read More) ************************************

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Ashley Giles: Five-day Tests precious, says England director of men's cricket – BBC News, BBC News

Ashley Giles: Five-day Tests precious, says England director of men's cricket – BBC News, BBC News

Brussels warns UK over future trade relationship ambitions – Financial Times, Financial Times

Brussels warns UK over future trade relationship ambitions – Financial Times, Financial Times