Travelex website forced offline by cyber attack


Jane McCallion

3 Jan, 2020

Foreign exchange firm Travelex has taken itself offline after discovering that a “software virus” had compromised its systems.

The incident, which is ongoing at the time of writing, began on New Year’s Eve 2019. The company said in a statement that while there’s no indication any customers’ personal data has been accessed, it took the decision to close down its systems “as a precautionary measure in order to protect data and prevent the spread of the virus”.

It added that its physical branches will continue trading, but foreign exchange services will be carried out manually.

The company has said it has deployed teams of IT specialists as well as external cyber security consultants to “isolate the virus and restore the affected systems”. This, however, is cold comfort for customers, some of whom claim to have been left with no access to money while abroad.

Recommendations to visit Mastercard’s Cash Passport service, which underwrites Travelex’s currency cards, seem to be fruitless as well.

The incident has implications beyond Travelex as well. HSBC and Virgin Money, which both use Travelex for their currency exchange services, are both displaying a notice saying their online services are unavailable due to “planned maintenance”.

Tesco Bank, meanwhile, simply says it can’t offer online foreign currency services and advises users to head into its branches.

The severity of the attack and whether a full data breach has occurred is currently unclear. However, a spokesperson for the UK’s data regulator, the Information Commissioner’s Office (ICO) confirmed to IT Pro this morning that it had not received a report from Travelex.

IT Pro has contacted Travelex for further clarification, but hadn’t received a response at the time of publication.