Travelex Knocked Offline by System-Wide Malware Attack

The foreign-currency-exchange giant said that it has been hit by a virus, affecting retail customers and banking partners alike.

A “computer virus” has forced foreign currency exchange giant Travelex to shut down its online services and its app – leaving its retail locations to carry out tasks manually and many customers stranded without travel money. Its global banking partners have also been left adrift with no way to buy or sell foreign currency.

Travelex, a ubiquitous fixture at airports, provides foreign-exchange services in 70 countries across more than 1,200 retail branches. On Thursday, it tweeted out a short statement confirming a malware attack on New Year’s Eve which, as of this writing, is still impacting its ability to operate. It did not, however, provide technical specifics. Threatpost has reached out to Travelex for further comment.

“We regret having to suspend some of our services in order to contain the virus and protect data,” Tony D’Souza, Travelex CEO, told the Wall Street Journal.

The attack has had ripple effects as well, affecting banking partners like Sainsbury’s Bank, Barclays, HSBC, Tesco Bank and others. The latter, for instance, said that its bureau-de-change services were offline until further notice because of the Travelex incident. Also, firms that use its services cannot participate in the foreign currency markets at all, for now.

Meanwhile, Travelex retail customers who were relying on the company to gain access to their money while traveling also took to Twitter to air their grievances. While the company didn’t mention ransomware, some of these unhappy customers theorized it to be the culprit.

In any event, the attack shows the power of savvy phishing, said one researcher, who thinks a malicious email was the likely attack vector.

“The Christmas/New Year period is ideal for phishing and other socially-engineered attacks – people are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email,” said Colin Bastable, CEO of Lucy Security, in a statement. “Travelex makes for a juicy target – it is somewhat surprising that they were breached, but at any given time, up to 30 percent of employees can easily fall for phishing attacks, which are responsible for over 90 percent of losses from cybersecurity breaches.”

Javvad Malik, security awareness advocate at KnowBe4, had a different theory. “Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted,” he said via email. “The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality. Websites are the face of a company and are subject to the most attacks. It is important for companies to conduct regular security checks such as penetration testing, as well as vulnerability scan and regular assurance checks against the processing to ensure all public-facing aspects are up to date and running as secure as possible.”

Discussion

  • Glynis Greenman on

    We have lost £600 worth of Norwegian kroner that we had ordered online to go on holiday shortly. The company say we'll be refunded but I doubt this from the information given out and the poor customer service. TravelEx say personal information has not been compromised but that is simply unbelievable due to what appears to be poor security. It has been a week now and simply nothing has happened so I guess this is company speak for go away and get lost. Sad and expensive episode for everyone involved.
