SECURITY SOLUTIONS TODAY28 Jan 2020
High-street Banks Face Disruption Three Weeks After Travelex Hack
cyber attacks
Views: 213

High-street banks are still struggling to offer foreign exchange services, three weeks after Travelex shut down its computer systems after cyber gangsters installed sophisticated malware that encrypted the company’s data.

Barclays Bank, HSBC, First Direct, Virgin, Clydesdale and Tesco Bank, which rely on Travelex for foreign exchange services, have confirmed that they are still unable to offer online exchange services or process orders for foreign currency.

The news comes after Travelex, which employs 9,000 people in 70 countries, said on Friday that it had begun to restore some IT services to some of its outlets in the UK, as part of a phased programme to restore services worldwide. Travelex websites in 21 countries were out of action yesterday, displaying messages alerting customers to a “virus” attack that had disrupted its foreign exchange services. Only its websites in South Africa and Brazil have not been affected. An assistant in a Travelex outlet confirmed that the bureau was unable to take card payments for foreign currency, had only limited stocks of some currencies, and was unable to request further supplies of currencies that were running short from Travelex.

Travelex CEO Tony D’Souza said in a video statement on Friday that the company was beginning to restore some IT services at its UK outlets. “We have started with those capabilities of the business which impact our customers most, forex services and our VAT refunds, which we are bringing back in a phased way,” he said.

Staff in retail outlets have been forced to record transactions with pen and paper since cyber attackers used the Sodinokibi ransomware to encrypt sensitive data – including the names of clients and bank account and transaction details – on the company’s computer systems.

Travelex said it is introducing systems that will enable staff to record transactions “electronically”, starting with its outlets in the UK, but declined to say whether this meant anything more sophisticated than giving staff access to a spreadsheet or word document. The company faced demands for a $6m ransom to decrypt its computers after hackers infiltrated its computer network in the early hours of New Year’s Day. Travelex has not disclosed whether it has paid the ransom. Travelex left critical security weaknesses in the Pulse Secure virtual private network (VPN) servers it uses to provide staff with remote internet access to its central computers unpatched – leaving the company’s networks vulnerable to attacks by criminals for eight months.

D’Souza said Travelex had been working with a world-renowned cyber expert to contain the ransomware attack and was shifting its attention to remediation and recovery. “Our focus is on bringing systems up and running in such a way that we are not just returning to business as usual, but actually creating a stronger business,” he said. “We are enhancing and upgrading some systems along the way.”

The company said it is in an “advanced” state of restoring its VAT refund service. The service allows overseas visitors to reclaim VAT on their spending in the UK from Travelex outlets at Heathrow Airport. Staff have been recording transactions using pen and paper, but will be able to record transactions “electronically” once the service is up and running.

In Qatar, Travelex posted a notice on its website saying that the company had cleared its systems which were back online, and operating in stores as normal, on 7 January 2020. It said, “Travelex Qatar customer data is not being sent to any central database in the UK”.

Travelex has hired Brunswick, which describes itself as strategic advisory firm, to manage its communications about the crisis. Brunswick offers specialist services designed to minimise damage to organisations’ reputation following successful cyber attacks. The company’s website says: “There may be an external perception of responsibility, even culpability by the company. How companies prepare for, respond to and lead after an attack is more important than the attack itself.”

Travelex has been criticised for being slow to explain to the public why its services were offline, with websites displaying notices saying they were unavailable because of “planned maintenance” for days after the company was hit.

Britain’s high-street banks that rely on Travelex for online foreign currency services said this week that they had been unable to resume foreign exchange services disrupted by the cyber attack. HSBC and First Direct said they were unable to take orders for foreign exchange online, through telephone banking or in branches, but had told customers they would restore travel money services once it is safe to do so.

Barclays Bank has apologised to customers and said it was working with Travelex to get its foreign exchange services up and running as quickly as possible. Clydesdale Bank and Halifax displayed notices on their websites saying their travel money services were not available.

A spokesperson for Virgin Bank said: “Our focus is on bringing back a safe and secure service for customers as quickly as possible and we remain in regular dialogue with Travelex on achieving this.” A Tesco Bank spokesman said: “We are working very closely with Travelex as they continue with their recovery process. We will update our own customers once we are able to restart ordering for travel money.” Tesco was able to supply currency through 360 bureaus in Tesco supermarkets, operated by Travelex, the spokesman said.

UK Finance, a trade body that represents banks and financial services companies, said there may be delays before Travelex gets its services up and running again, and its partner banks restore their services. “Individual firms have their own processes in place to ensure there is no risk to customers,” the spokesperson said. “This could lead to a delay between Travelex restoring its systems and partner firms being able to begin offering related services again.”

Travelex’s Abu Dhabi-based parent company, financial services firm Finablr, said on 7 January that it expected the cyber attack on Travelex to have no material financial impact on the group. Finablr said it continues to monitor the situation closely and will update the market as required.

D’Souza said last week that Travelex’s bureau outlets had been able to continue offering services manually. “We are a largely transactional business,” he said. “It is a relatively small proportion of our end customers who use the online service – most of them go into a bureau.”

More News
Sidebar news
Motorola Solutions Opens New Experience Center in Gurugram, India
Apr 17,2024
Sidebar news
InnoEX, Spring Electronics Fair Boosts Hong Kong’s Tech Hub Status by Attracting 88,000 International Buyers
Apr 16,2024
Sidebar news
Smiths Detection Launches X-ray Diffraction Scanner
Apr 16,2024
Sidebar news
Axis Communications Launches Open Cloud-Based Video Surveillance Management Solution
Apr 15,2024
Sidebar news
Okta appoints new RVP for Greater ASEAN and Singapore Country Manager
Apr 05,2024
Sidebar news
Hexagon rebrands Qognify, reaffirming commitment to physical security
Apr 05,2024
Sidebar news
Appointment of Jerome de Chassey as President of Smiths Detection
Apr 01,2024
Sidebar news
InnoEX Sees Twofold Increase In The Number Of Exhibiting Countries And Regions
Mar 28,2024
Sidebar news
Visidon AI-powered Low-Light Video Enhancement selected to Hailo-15 AI Vision Processor
Mar 15,2024
Sidebar news
InnoEX and Electronics Fair (Spring Edition) in Hong Kong To Showcase Cutting-Edge Technology and Products for Smart Cities this April
Mar 14,2024