Barclays, Lloyds, RBS And HSBC All Hit By Cyber Attack On Travelex

(Alliance News) - The UK's biggest high street banks have been hit by a cyber attack on Travelex, ...

Alliance News 9 January, 2020 | 11:24AM
Email Form

(Alliance News) - The UK's biggest high street banks have been hit by a cyber attack on Travelex, with Royal Bank of Scotland Group PLC, HSBC Holdings PLC and Barclays PLC among those left with no online travel money services.

More than a dozen of the major banking players, also including Lloyds Banking Group PLC and Virgin Money UK PLC, are reporting that their online foreign currency systems are down following the New Year's Eve ransomware attack on Travelex.

Many are offering customers services in branches, but orders cannot be processed online.

Travelex was forced to take all its global websites offline and is reportedly being held to ransom by the infamous ransomware gang called Sodinokibi, also known as REvil.

It is understood the criminals are demanding cash – speculated to be some USD6 million – and is reportedly threatening to release 5GB of customers' personal data – including social security numbers, dates of birth and payment card information – into the public domain unless Travelex pays up.

Travelex is the world's largest retail currency dealer and provides travel money services for a host of partners, also including the likes of Sainsbury's Bank and Tesco Bank.

Travelex owner Finablr PLC, which is based in the United Arab Emirates, said late on Tuesday it is not expecting a "material financial impact" from the online attack.

Travelex has opened an investigation and confirmed in the update that while there has been some data encryption, and the extent is not yet known, there is no evidence that structured personal customer data has been breached.

But some of its business partners have spoken to the PA news agency of their frustration at the lack of information from the company.

Travelex had also not yet formally reported a data breach to the Information Commissioner's Office.

Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people's rights and freedoms.

A company which fails to comply can face a fine of up to 4% of its global turnover, under General Data Protection Regulations.

Travelex has said it is working towards total recovery after successfully containing affected areas and has managed to restore a number of internal systems.

As part of a detailed forensic analysis, the firm added there is also no evidence that data has been transferred from the Travelex system, known as exfiltration.

In a statement on Tuesday night, Travelex chief executive Tony D'Souza apologised for the inconvenience to partners and customers.

He insisted the group was "working tirelessly to bring our systems back online".

An investigation led by the Metropolitan Police and supported by the National Crime Agency is ongoing.

London-headquartered Travelex has a presence in more than 70 countries and more than 1,200 branches and 1,000 ATMs worldwide.

It processes more than 5,000 currency transactions every hour.

By Holly Williams, PA Deputy City Editor

source: PA

Copyright 2020 Alliance News Limited. All Rights Reserved.

Email Form

Securities Mentioned in Article

Security Name Price Change (%) Morningstar
Virgin Money UK PLC 74.86 GBX 4.20
Sainsbury (J) PLC 198.20 GBX 0.48
HSBC Holdings PLC 308.45 GBX 8.86
Finablr PLC 11.03 GBX 0.00 -
Barclays PLC 95.86 GBX 4.71
Lloyds Banking Group PLC 26.04 GBX 5.34
Tesco PLC 218.10 GBX 0.97
The Royal Bank of Scotland Group PLC 104.79 GBX 5.19

About Author

Alliance News

Alliance News provides Morningstar with continuously updating coverage of news affecting listed companies.

Audience Confirmation

By clicking 'accept' I acknowledge that this website uses cookies and other technologies to tailor my experience and understand how I and other visitors use our site. See 'Cookie Consent' for more detail.

  • Other Morningstar Websites
© Copyright 2020 Morningstar, Inc. All rights reserved.

Terms of Use        Privacy Policy        Cookies