Banks forced to halt currency service after Travelex cyber-attack


A number of High Street banks have stopped customers ordering foreign currency, following a ransomware cyber-attack on Travelex.

Problems at Lloyds, Barclays and Royal Bank of Scotland follow disruption at supermarkets Sainsbury’s and Tesco.

All get their foreign notes from Travelex, whose computer system is down after hackers demanded $6m (£4.6m) in return for customer data.

Travelex says there is no evidence customer data has been compromised.

However, Travelex cashiers have been resorting to using pen and paper to keep money moving at cash desks in airports and on the High Streets.

And banks are now reporting their supply of notes from Travelex has dried up following the cyber-attack, which struck last week.

An RBS representative said: “We are currently unable to accept any travel money orders either online, in branch or by telephone due to issues with our travel-money supplier, Travelex.

“We apologise for any inconvenience caused.”

Lloyds and Barclays issued similar statements. One source said the banks were dependent on Travelex resolving its disruption before they could restore their travel-money service.

Travelex employees have said that the company has been left “shell-shocked” by the continuing ransomware cyber-attack.

One source said his company’s communication with employees and customers seemed to be “a masterclass in what not to do”.

The employee, who wants to remain anonymous, said there is fierce criticism internally at the way management has handled the affair.

In an email to the BBC, he said: “I couldn’t help but laugh at the suggestion that the public response has been “shockingly bad”. This is nothing compared to how it’s been handled internally. It feels like there is a distinct lack of real leadership and communication.”

The company says it is working with industry-leading cyber recovery specialists to fix the problem, and insists it is doing all it can to keep its customers and employees informed.

Computer systems in the company’s offices and currency shops across Europe, Asia and the US have been switched off since the attack took place around New Year’s Eve.

The anonymous worker said: “I’ve not been able to use my work computer for a week. The docs on my PC have all been encrypted by the hack, but the docs I stored on the cloud server have not, which would seem to suggest the hackers haven’t got too far into our system.”