Travelex services begin again after ransomware cyber-attack

Travelex was forced to take its websites offline after discovering the cyber-attack on New Year’s Eve. It later emerged that the ransomware gang responsible, Sodinokibi, had demanded £4.6m and was threatening to release customers’ personal data - including dates of birth and payment card information - into the public domain unless the company paid up.

Travelex said it had contained the virus and that its investigations showed that no customer data has been breached to date. It is in communication with the UK’s National Cyber Security Centre (NCSC) – which is part of GCHQ – and the Metropolitan police.

Tony D’Souza, the chief executive of Travelex, said: “We continue to make good progress with our recovery and have already completed a considerable amount in the background.”

He said the firm was now in a position to start restoring functionality at its partner and customer services, and that it would provide more information in the coming days.

With its online travel money service out of action, Travelex staff have been forced to use pen and paper to serve customers. Nor is the company able to sell or reload its travel money cards online.

D’Souza said: “We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”

The firm said it would start restoring customer-facing systems, beginning with those that allowed it to process orders electronically with banking partners and in its own stores.

“This follows the restoration of many of the internal capabilities necessary to support partner and customer services, which has been in progress since the beginning of last week,” it said.