Around New Year's Eve, money exchange giant Travelex became the focus of a major cyberattack when hackers compromised its systems, forcing the company to switch off computers in offices and shops across Europe, Asia and the US and revert to paper methods for conducting business.
The hackers infiltrated Travelex's systems, encrypted customer data and are now demanding around £4.6m in bitcoin to unlock the information and allow Travelex to restore its normal operations. In addition to encrypting data, the hackers also claim to have downloaded 5GB of customer data, including credit card information, and are threatening to release it onto the Dark Web if the ransom is not paid.
Staff laptops have been called in for scanning and treatment in an attempt to prevent the ransomware from spreading further. Many have been found to be infected. IT teams have been buying and setting up new computers since the attack.
The hack has affected major banks including Lloyds, Barclays and Royal Bank of Scotland, all of which rely on Travelex to supply the foreign currency for their travel money service. This service is currently suspended.
Samsung, which provides a digital wallet for cross-border payments, has disabled the service as a precaution, although Samsung is reassuring customers there is no evidence of their data having been affected.
Staff at Travelex are reportedly under enormous strain, with reports of the atmosphere being like something from ‘a gangster movie’. Complaints about how the hack is being handled and the lack of internal communication are reportedly rife.
Many of Travelex’s existing customers have had their holidays thrown into chaos when they’ve not been able to collect foreign currency they’ve bought. Whilst Travelex has assured customers their orders will be refunded or fulfilled once the issue has been resolved, this isn’t helping customers about to embark on holiday who were relying on those funds.
How did it happen?
Last week, Westtek's CEO, Francis West, ran a Dark Web audit on the travelex.com domain. To his shock and horror, he found 1026 unique email addresses and passwords for sale on the Dark Web. He also found incomplete anti-spam configurations.
As 91% of all cyber breaches originate from email, it’s a good bet this is how the hackers got in. Shockingly, Travelex did not have basic email security systems in place.
Ask yourself – where do your sympathies lie? Are you thinking ‘poor Travelex, what a mess, and all those paper reconciliations to carry out’? Or do you feel worse for the customers who have had their holidays ruined and who have the additional worry of their credit card information being sold to fraudsters?
If your company was held to ransom and your customers’ data was compromised, you might feel like the victim, but where do you think sympathies would lie?
It’s up to all of us to ensure we have robust, multi-layered security systems in place. We also need to have protected backups so in the event of an attack, we can simply restore from the latest backup and get back to work with minimal disruption to our business or our customers.
What can you do to prevent your company being the next Travelex?
* Multiple layers of security on every server and every computer, including mobile devices such as laptops and smart tablets
* Anti-spam configurations and a specific email security programme in place (Office 365 or Google is NOT sufficient and will only defend against around 85% of all known threats)
* A backup process with a guardian system to prevent malware being saved into backup files
* Regular and on-going cybersecurity awareness training for staff
* Dark Web monitoring so you find out within 24 hours if your domain has been compromised
* Multi-Factor Authentication on everything
What are your processes for ensuring your systems are secure and your backups are safe? Would you like us to help make sure you’re as safe as you possibly can be?
Read Francis’s post on LinkedIn about the Travelex breach.
Westtek Solutions is a proactive Technology Success Partner that specialises in delivering cybersecurity measures, strategic consulting and technical support services to help you stay secure whilst maximising productivity. We make sure your technology works for you and not the other way around.