Confusion reigns over Travelex ransom demands

10th Jan 2020

Travelex has been criticised for its response, after the currency transfer company was subject to a hacking attack and ransom demands.

The attack began on New Year’s Eve, with hackers claiming to have stolen customer data, including credit card information. They threatened to release the details online unless they were paid a $6 million (£4.6 million) ransom within a week. 

Travelex immediately took its website offline to prevent the spread of the virus. The website is still down, although a landing page says that the firm has “contained the virus” and is “working to restore our systems and resume normal operations as quickly as possible.” The statement also says: “We apologise to our customers for any inconvenience caused as a result.” 

The attack is also affecting banks including HSBC, Barclays and Royal Bank of Scotland, who use Travelex’s services. Their currency transfer systems were also offline on Thursday. 

Travelex has so far refused to confirm or deny whether it has acquiesced to the demands and paid the ransom, although it confirmed that the National Crime Agency and the Metropolitan Police are conducting criminal investigations. 

To date no personal customer details have been published online, raising the prospect that the firm has either paid the ransom, or that the hackers were bluffing. The company said that it had so far found no evidence that customer data had been “compromised”. 

Martyn James, of consumer rights group Resolver, told The Telegraph that Travelex should front up to customers and release as much information as possible: “In this day and age, transparency is absolutely vital.”

Share this