Response Comment: Travelex Foreign Currency Website STILL Down After 4 Days Following Cyber Attack

The Sun revealed that the Travelex website is still down, four days after a cyber attack on New Year’s Eve. The currency provider has taken down its site and app, leaving some customers struggling to access funds. The currency exchange provides services to several major banks including Sainsbury’s Bank, Asda, Barclays, HSBC and First Direct.
The Sun
HACK ATTACK Travelex foreign currency website STILL down after 4 days following cyber attack

EXPERTS COMMENTS
Andrew Stark, Cyber Security Director,  Red Mosquito
January 15, 2020
Travelex will need to contend with the difficult task of restoring and securing their IT systems.
“There is no doubt that Travelex will be celebrated as a juicy scalp by the hackers and, any ransom associated with this attack is likely to be a significant sum. Ransomware attacks typically take advantage of a security vulnerability relating to Remote Desktop Protocol (RDP), commonly used to gain remote access to IT systems. Exposing RDP directly to the internet is not a recommended since it a ....
[Read More >>]
Wicus Ross, Senior Researcher,  SecureData
January 09, 2020
However, ignoring and accumulating security risks leads to an increase in security debt.
The fact that Travelex was compromised is unfortunate and slightly unsettling. It’s never good to hear that a large global financial business fell victim to a cyberattack. The technical details on the attack vector are thin, with some security experts suggesting that unpatched security products could have been the source of the initial breach. Vulnerability management is a crucial part of any bu ....
[Read More >>]
Becky Nicholson, Data Privacy Consultant,  Bridewell Consulting
January 09, 2020
Travelex has certain obligations as a controller under Data Protection legislation.
Following the Travelex ransomware attack, the company made the decision to take down its website, yet customers have not been directly informed if their personal data has been compromised. There are also conflicting reports on whether customer data has been lost. Travelex has certain obligations as a controller under Data Protection legislation. One of which is to report personal data breac ....
[Read More >>]
James Smith, Principal Security Consultant and Head of Penetration Testing ,  Bridewell Consulting
January 09, 2020
There’s also no guarantee that the data hasn’t been stolen already, before it was encrypted.
Transparency is key in maintaining customer trust, especially for firms like Travelex in the financial services industry. Travelex has taken a long time to inform customers about what’s taken place, and placing a press statement on the website days after the event simply isn’t enough. Financial services firms like Travelex have a responsibility to their customers to keep them informed even ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
January 08, 2020
It suggests that Travelex may not have tested a ransomware simulation which can be extremely valuable to a company.
Being forced to use pen and paper must feel more like 1920 than 2020. Furthermore, I wish I was saying that this Travelex attack could act as a guinea pig with the potential of what Ransomware can actually achieve but alas, it is by no means the first, nor will it be the last. The knock on effect from this particular attack is possibly the more poignant and interesting part of the story. Rarely ....
[Read More >>]
Sam Curry, Chief Security Officer,  Cybereason
January 08, 2020
Details are scant at this time, but this is an early 2020 wake up call to all organisations.
Today, most companies have contingency plans and tools in place to deal with the ransomware threat. Because of these factors, many organisations feel like ransomware is now an understood and contained risk. However, that’s for the most part a false sense of security because most of the lack of recent ransomware outbreaks is due to the attackers using it differently, more surgically, if you will, ....
[Read More >>]
Rachel Aldighieri, Managing Director,  DMA
January 08, 2020
Consumer trust in how organisations collect, store and use data is fundamental to a data-driven economy.
For most businesses, data is its most valuable asset so maintaining its security must be a business imperative. If there is any potential breach that puts consumers’ personal information at risk, customers must be informed promptly by clearly communicating how they could be affected and how the organisation intends to rectify the situation. Consumer trust in how organisations collect, store ....
[Read More >>]
Adam Vincent, CEO,  ThreatConnect
January 08, 2020
It’s essential that any potential target understands as much as they can about the threats they face.
Financial institutions are a lucrative target – they hold highly sensitive information and have a mandate to protect the personal information of their customers. When faced with a ransomware attack, financial institutions have two choices – cave to demands or try and fight back. No company is immune from the dangers of being compromised. It’s essential that any potential target unders ....
[Read More >>]
David Emm, Principal Security Researcher ,  Kaspersky
January 08, 2020
The ongoing impact of this security breach serves as a stark reminder for businesses.
The ongoing impact of this security breach serves as a stark reminder for businesses to adopt and maintain robust cybersecurity policies and procedures – given that sustained attacks of this nature seriously drain a company’s resources and profits, and the amount of work involved to get a company back up and running. Even if a company on the receiving end of a ransomware attack declines to pay ....
[Read More >>]
Stuart Reed, UK Director,  Orange Cyberdefense
January 08, 2020
Travelex's continuing struggle to secure its data against the virus demonstrates.
The ongoing attack against Travelex is arguably the worst case scenario for how crippling ransomware can be. Not only is Travelex itself affected, having to close its website across 30 countries for over a week. This attack has also brought much of its partner ecosystem - including HSBC, Barclays, Sainsbury's Bank, and Virgin Money - to a grinding halt. If there was ever any doubt that a cyber att ....
[Read More >>]
Tim Dunton, MD,  Nimbus Hosting
January 07, 2020
More should be done to ensure safe internet access, as well as a solid infrastructure.
Another large organisation has been hacked in a successful cyber attack on New Year's Day. The Travelex systems and website have now been shut down, and this of course leaves a large number of customers affected. There is no doubt that this creates frustration among customers, which can lead to a distrust and permanently damage a company's reputation. However, many businesses still do not acknowl ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article