The world’s largest foreign currency exchange, Travelex, has been forced offline by a ransomware attack. The London-based currency exchange company immediately took all its systems offline after detecting the software virus on December 31st to prevent the spread of the virus further across the network. Tony D’Souza, the Travelex chief executive, said in a statement, “We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data, as well as provide an excellent service to our customers, and we sincerely apologize for the inconvenience.”
Travelex, which has more than 1,200 stores, kiosks, and counters in at least 70 countries, has been offering only over-the-counter services since New Year’s Eve. While the locations are still changing money, its representatives must do the calculations by hand using rates issued each morning from its headquarters.
The virus that was used is reportedly the Sodinokibi ransomware, also known as REvil, which is used to encrypt data. In their ransom demand, the hackers said they have had access to Travelex’s systems for half a year and stole five gigabytes of sensitive customer data including birthdates, credit card information, and more. They have demanded $6 million by Jan. 14 for the data’s return or they would sell it.
Travelex said in its statement that it had contained the threat and had no evidence that customer data had been removed. The company declined to provide details on how many customers had been affected or when it expected the problem to be resolved. The matter is being investigated by London’s Metropolitan Police, the National Crime Agency, and the National Cyber Security Center. It could take weeks for Travelex to determine how the hackers gained access to its system.