Travelex hack: what the Sodinokibi cyber attack means for you – and how to get a refund from the travel money firm

Travelex hack: what the Sodinokibi cyber attack means for you – and how to get a refund from the travel money firm
Are you awaiting a refund? (Photo: Shutterstock)

Foreign exchange giant Travelex is reportedly being held to ransom by cyber hackers.

The hackers struck on New Year’s Eve forcing the London-headquartered firm to take down all its global websites.

Travelex has a presence in more than 70 countries, with more than 1,200 branches and 1,000 ATMs worldwide.

Here’s everything we know about the attack:

What do the hackers want?

A ransomware gang called “Sodinokibi” told the BBC it is behind the hack, and is demanding cash – thought to be about 6 million US dollars (£4.6 million) – from Travelex to give the firm access to its computer systems after they attacked the sites.

They are reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless the company pays up.

The hackers – also known as “REvil” – told the BBC: “In the case of payment, we will delete and will not use that [data]base and restore them the entire network.

“The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”

Travelex says there is no evidence customer data has been compromised.

What is being done about the attack?

Travelex sites have now been offline for over a week, with the firm forced to provide foreign exchange services manually in its branches.

The group’s sites carry a message to visitors that online services are down due to “planned maintenance”.

“The system will be back online shortly,” according to the message.

Officers from the Metropolitan Police are leading the investigation into the attack, but the Information Commissioner’s Office (ICO) said it had not received a data breach report from Travelex.

An ICO spokeswoman told the BBC: “Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people’s rights and freedoms.

“If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary.”

In a statement, the Metropolitan Police said: “On Thursday, 2 January, the Met’s Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing.”

How does the hack affect me?

Travelex first revealed the New Year’s Eve attack on January 2, when it sought to assure the public that no customer data had yet been compromised as a result of the breach.

It has drafted in teams of IT specialists and external cyber security experts in an attempt to isolate the virus and get affected systems back online, but has so far been unable to gain access and overthrow the hackers.

The hack came at a crucial time for the group, with its services in high demand over the Christmas holidays.

The attack also had a knock-on effect on online travel money services for its partners, such as Tesco Bank, Sainsbury’s Bank, Virgin Money and First Direct, who also cannot sell currency online.

And now, the effect have spread to a number of High Street banks, who have stopped customers ordering foreign currency.

Lloyds, Barclays and Royal Bank of Scotland – who all get their foreign notes from Travelex – are affected while Travelex’s computer system is down.

Can I still use Travelex’s services?

Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.

“We apologise to all our customers for any inconvenience caused as a result,” Travelex boss Tony D’Souza said in a statement.

“Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs.

“For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements.”

Can I get a refund?

Travelex has started issuing refunds to customers, with its website still down two weeks after being hit by the cyber attack.

In an update on their website, the company said that they have been providing refunds to customers “where appropriate”, and encouraged customers to get in touch to discuss their specific situation.

“The 24/7 global customer support desks are fully operational to offer advice, workarounds and to discuss any customer concerns,” they said.

“Customers are encouraged to check their local website for the best way to get in touch with customer support in their respective country.”