Travelex gives refunds as cyber attack recovery continues


Travelex, the foreign exchange operator held hostage by cyber attackers, has said it has started giving refunds “where appropriate” as it continues efforts to bring its systems back online.

The company said on Monday it was making “good progress” in restoring operations to process orders electronically, almost two weeks after the ransomware took hold of its services and forced branch staff to serve customers with a pen and paper.

The Sodinobiki gang reportedly demanded a £4.6m ransom and have threatened to release customer data including social security numbers, dates of birth and payment card information unless Travelex pays up.

The company says it is now able to bring some functionality back to its systems and insists there is no evidence that customer data has been breached.

Tony D’Souza, chief executive of Travelex, said: “We continue to make good progress with our recovery and have already completed a considerable amount in the background.

“We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”

He added: “We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.”

In addition to holidaymakers, Travelex also provides foreign exchange services to major banks and customers of HSBC, Barclays, Virgin Money and the banking arms of British retailers Tesco and Sainsbury’s.

Travelex is working with the National Cyber Security Centre and London’s Metropolitan Police as part of a criminal investigation.