A little more than two weeks ago, on New Year’s Eve, foreign currency services supplier Travelex was hit by a Sodinokibi (REvil) ransomware attack. It has yet to recover, and its web sites and systems are still down. Travelex has finally posted a more comprehensive update on its corporate holdings web site. Customers were warned to raise their awareness and be wary of email [phishing] or telephone scams that might follow in the wake of the attack. Travelex is a big fish. Given the considerable media coverage, there are real concerns that scammers may also target its customers with social engineering scams.
Travelex Posts Scam Warning To Its Customers
"Customer Precautions"
"Based on the public attention this incident has received, individuals may try to take advantage of it and attempt some common e-mail or telephone schemes. Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone purporting to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on the local customer service number available on Travelex’s website. If you have any questions or believe you have received a suspicious e-mail or telephone call, please do not hesitate to contact us. Please note that Travelex does not store credit card numbers on its system."
The post also made reference to engaging with relevant authorities and regulatory agencies. Although Sodinokibi (REvil) have threatened in prior ransomware attacks to publicly disclose information exfiltrated prior to encryption, it is not yet known whether data has in fact been taken in this attack.
Travelex expanded its post to include information about disclosure to regulatory agencies.
"Engagement with Regulatory and Relevant Law Enforcement Agencies"
"Travelex continues to work with relevant authorities, including the National Cyber Security Centre (NCSC) and the Metropolitan Police. Based on Travelex’s extensive internal assessments and the analyses conducted by its expert partners there is no evidence to suggest that customer data has been compromised. The Information Commissioner’s Office (ICO) is aware of Travelex’s position. The protection of its customer and partner data remains the company’s priority."
As Bloomberg News noted today, “…as ransomware attacks go, the cyber intrusion at Travelex that emerged on New Year’s Eve could have lasting consequences — and ones that shouldn’t be just a worry to the currency dealer.”
“Worse still, the company has had to repeatedly deny claims by its attackers that customer data has been stolen, a violation of security that if true would result in a further loss of client trust — and hefty regulatory fines. Under the European General Data Protection Regulation, companies can be sanctioned as much as 4% of annual turnover if appropriate security measures aren’t in place or if the company fails to notify regulators promptly.”
Travelex initially posted that its web sites were down for maintenance and later revealed more extensive descriptions of the problem and its mitigation efforts.