January 8, 2020
Report: Ransomware takes down online currency exchange
A week after a malicious virus infected its network, the London-based foreign currency exchange company Travelex had yet to restore digital sales and was reported infected with ransomware by hackers threatening to release personal data unless it pays a $3 million ransom.
The U.K.-based security website BleepingComputer said hackers claimed to have encrypted Travelex's entire network with a strain of ransomware known as Sodinokibi and copied more than 5 gigabytes of personal data, including Travelex customers' credit and debit card information, birth dates and Social Security numbers.
The hackers said they deleted backup files and gave London-based Travelex—which operates in 27 countries with more than 1,200 stores—a week to pay up or they would publish the data they stole, the website reported.
Travelex did not immediately respond Tuesday to emails and a phone call from The Associated Press seeking comment. In a Jan. 2 Twitter post, the company said the virus had compromised some of its services on New Year's Eve and that it took all systems offline immediately. The statement said Travelex's investigation "to date shows no indication that any personal or customer data has been compromised."
Travelex said its branches worldwide, many of which are at airports, were continuing to provide money-changing services manually.
The company's U.K. website remained offline on Tuesday, with a notice on the only page available saying in seven languages that its online foreign currency purchasing service was temporarily unavailable "due to planned maintenance."
© 2020 The Associated Press. All rights reserved.