Travelex said Monday it is making “good progress” battling the cyber attack that has left its computer systems paralysed since New Year’s Eve.
Travelex, the world’s biggest retail currency broker, was forced to take its systems offline on 31 December after discovering a computer virus. It has since confirmed that it is being held hostage by a “ransomware” virus that is demanding money.
As the crisis stretches into its third week, staff in its branches have been forced to use pen and paper to record foreign exchange transactions and the company’s website remains offline.
“We continue to make good progress with our recovery and have already completed a considerable amount in the background,” chief executive Tony D’Souza said in a new statement on Monday.
“We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”
The Travelex cyber attack has caused havoc with travel money services across the country. At least 14 major banks rely on Travelex to provide foreign exchange services to customers. These banks — which include Barclays (BARC.L), Royal Bank of Scotland (RBS.L), and HSBC (HSBA.L) — have been forced to suspend travel money services.
“I would like to thank all our partners and customers for their patience and understanding while we work through the technical, commercial, legal, regulatory, law enforcement, and other complexities of a global organisation that has experienced an attack,” D’Souza said.
Travelex reiterated Monday that it did not believe any data has been compromised in the attack. The alleged hackers told the BBC they had accessed 5GB of data, including dates of birth, credit card numbers, and national insurance numbers and were threatening to leak it unless they were paid $6m (£4.5m).
A posting on a hacker forum seen by Yahoo Finance UK seemed to confirm the attackers were threatening to leak data. However, cyber security experts Yahoo Finance UK spoke to said it was difficult to verify if the poster was actually involved in the attack and, even if they were, it could be an empty threat designed to pressure Travelex into paying the ransom.
“Based on Travelex’s extensive internal assessments and the analyses conducted by its expert partners there is no evidence to suggest that customer data has been compromised,” the company said in a statement.
D’Souza said: “We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”
However, Travelex warned customers to be wary of scammers trying to take advantage of the situation.
“If you receive a call from someone purporting to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on the local customer service number available on Travelex’s website,” the company said.