Travelex confirms ransomware attack, expect no material financial impact for Finablr
Although Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.
Travelex last night published an update regarding the cyber incident that has prompted it to take down its systems and to provide foreign exchange services on a manual basis.
The company confirms that the software virus affecting its systems is ransomware known as Sodinokibi, also commonly referred to as REvil. Travelex says that whereas there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.
Although Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.
At present, the company is working towards recovery of all systems. To date Travelex has been able to restore a number of internal systems, which are operating normally. The company is working to resume normal operations as quickly as possible. Importantly, Travelex does not currently anticipate any material financial impact for Finablr PLC (LON:FIN).
Travelex is in touch with the National Crime Agency (NCA) and the Metropolitan Police and they are carrying out their own criminal investigations.
Below is the full announcement by Travelex issued last night:
“On Tuesday December 31st Travelex detected a software virus which had compromised some of its services. As previously announced, on discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network.
Whilst the investigation is still ongoing, Travelex has confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil. Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful. To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.
Having completed the containment stage of its remediation process, detailed forensic analysis is fully underway and the company is now also working towards recovery of all systems. To date Travelex has been able to restore a number of internal systems, which are operating normally. The company is working to resume normal operations as quickly as possible and does not currently anticipate any material financial impact for the Finablr Group.
Tony D’Souza, Chief Executive of Travelex, said “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise. We take very seriously our responsibility to protect the privacy and security of our partner and customer’s data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused. Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.”
Travelex is in discussions with the National Crime Agency (NCA) and the Metropolitan Police who are conducting their own criminal investigations, as well as its regulators across the world”.
