Friday 17 January 2020 3:42 pm

First Travelex UK customer-facing systems restored after cyber attack

The chief executive of Travelex has spoken out for the first time following a cyber attack two weeks ago that caused a global blackout in the foreign exchange provider’s online services. 

In a scripted video uploaded to a backup Travelex website, Tony D’Souza said the IT system used by staff was now working again.

D’Souza apologised “for the loss of some of our services and any inconvenience that has caused”.

The video was uploaded shortly after Travelex has said the first of irs customer-facing systems in the UK are back up and running.

Travelex said earlier today that  a “phased restoration of systems globally” is underway, and that it was restoring in-branch systems in some Travelex and partner stores in the UK, as well as testing some systems outside the country.

The company had been forced to use pen and paper to serve thousands of customers after hackers from the ransomware gang Sodinokibi had demanded $6m (£4.6m) from Travelex in return for customer data.

“When we discovered the virus, we took the tough decision to first isolate the parts of the business where it was initially found and then take down the rest of our systems. This enabled us to prevent its spread and minimise the damage,” said D’Souza.

He added that there had been “a number of technical, commercial, legal, and regulatory complexities that we needed to work through in the immediate aftermath of the attack”.

“We engaged internationally renowned cyber experts to run forensic analyses and we have not, to date, uncovered any evidence to suggest any customer data has left the organisation,” he said.

Travelex, which is owned by Finablr, provides forex services for customers of HSBC, Barclays, and Virgin Money, as well as Tesco and Sainsbury’s banks. 

In a statement issued earlier today, D’Souza said the company had started restoring electronic forex order processing in UK stores, and was starting its VAT refund service in UK airports.

Travelex said it was in the “advanced stages” of testing the systems that support bank note orders and its UK international money transfer service.

The company is working with authorities including the National Cyber Security Centre and the Metropolitan Police over the incident, and the police have launched a criminal investigation into the cyber attack.

Travelex has not said whether it paid a ransom to the hackers, and has not indicated how much the incident has cost them.

“Individual firms will have their own processes in place to ensure there is no risk to customers. This could lead to a delay between Travelex restoring its systems and partner firms being able to begin offering related services,” said banking trade body UK Finance.

Sign up to City A.M.’s Midday Update newsletter, delivered to your inbox every lunchtime