Monday 13 January 2020 3:17 pm

Travelex restores some electronic services following cyber attack

Foreign exchange company Travelex is beginning to restore some electronic systems almost two weeks after hackers held the company’s systems to ransom, leading to a global blackout of its online services. 

Staff at the foreign exchange giant had been forced to use pen and paper to serve thousands of customers after a cyber attack forced it to take all its systems offline on New Year’s Eve.

Read more: Travelex held to ransom by hackers

It later emerged that the ransomware gang Sodinokibi had demanded $6m (£4.6m) from the company in return for customer data, but Travelex said it had contained the virus and there was no evidence customer data had been compromised. 

“We continue to make good progress with our recovery and have already completed a considerable amount in the background,” the company said in a statement.

“We are now at the point where we are able to start restoring functionality in our partner and customer service.”

As of mid-afternoon on Monday, the company’s global websites were still offline.

Travelex said it had restored some internal and order processing systems, and was providing refunds to customers “where appropriate”.

The currency trader has a presence in over 70 countries, and provides foreign exchange services for the customers of HSBC, Barclays, Virgin Money, and Tesco and Sainsbury’s banking arms. 

The company said on Monday it would continue to communicate with partners about restoring services and “provide a roadmap” outlining its next steps, and had been able to honour most online orders for collection in store.

Travelex is working with authorities including the National Cyber Security Centre and Metropolitan Police, it said. 

Read more: Banks suspend currency exchange after Travelex cyber attack

Police have launched a criminal investigation into the cyber attack.

“Based on Travelex’s extensive internal assessments and the analyses conducted by its expert partners there is no evidence to suggest that customer data has been compromised,” the company said.