Travelex, a foreign currency exchange firm, has been hit by a massive data breach, forcing it to take its services offline. This is an attempt to stop the virus from spreading into other parts of its system.
According to the firm, the virus launched by the hackers was identified as Sodinokibi. It admitted that part of its data has been encrypted. However, it cannot confirm that structured personal customer data was encrypted. According to the BBC, a hacker group has claimed responsibility for the attack and demanded that Travelex pay $6 million as ransom, or else they may leak the copy of the data at their disposal.
According to the report, the ransomware gang had accessed Travelex’s computer system and downloaded 5GB of customer data six months before the current attack on 31 December 2019. The BBC reported that the ransomware gang has given Travelex up to 2 days to pay the ransom, then another 7 days, or face the sale of the customers’ data on the dark web.
The ransomware gang said that they have obtained the dates of birth, national insurance numbers and credit card details of customers. They added that they will delete their copy of the database and restore the entire network once the stated ransom amount is paid.
According to the statement released on the Travelex website, the company has no evidence or clear picture of all the data that has been encrypted by the hacker group. As a result, it has no evidence that any of its customer data has been exfiltrated as claimed. It said that it has so far been able to restore a portion of its internal system and has completed the containment stage of its remediation process. Travelex is still conducting forensic analysis in a bid to restore the entire system and resume work as soon as possible.
It was revealed that Travelex has not made any conscious effort to notify the Information Commissioner’s Office (ICO) of any data breach. The ICO requires companies and individuals to contact its office within 72 hours of becoming aware of a data breach, unless the attack does not pose any risk to the rights and freedoms of the people involved.
The ICO said that if an organization does not want to notify it of a breach, it can keep its own record of the incident, but should be able to provide a sound explanation of why it did not report it. Failure to comply may lead to a maximum fine of 5% of global turnover.
Travelex has said that it is investigating the ransomware attack with the police, IT specialists and external cybersecurity experts. The Metropolitan Police cybercrime team reported on 2 January 2020 that it was notified by a foreign currency exchange of a ransomware attack launched by the suspected ransomware gang. Fabian Wosar, a cybersecurity expert at Emsisoft, stated that a sound assessment of the incident paints a picture of familiar hacking behavior. According to him, the incident is consistent with previous attacks launched by the ransomware gang, and it is obvious they facilitated the attack.
Travelex websites in Europe, Asia, and the US have been offline since the attack, and the company has told users that it is carrying out maintenance. According to BBC News, customers have not been informed about the data breach. Kevin Beaumont, a security researcher, has said that Travelex’s public response has been disappointing, as it has failed to inform customers of the actual situation on the ground a week after the incident. He believes that the firm’s business partners and customers have every right to know the gravity of the breach.
Almost all the businesses that rely on its network cannot sell currencies, as the services have been down since New Year’s Eve. First Direct, which is owned by HSBC, has informed its customers that its online travel money service is currently unavailable, attributing this to a service issue with the third-party service provider. It was reported that Travelex boss Tony D’Souza has apologized to all customers for the inconvenience caused, and that the company is processing all transactions manually until it recovers its system and resumes full service.
It is recommended that all customers affected by the breach while using the online services contact the company’s support team through its social media page or any of its phone lines.
The ransomware gang has threatened to release the obtained customer information if the ransom is not paid. The company seems to be working hard to recover the system, and, according to BBC News, it has made no response to the statements made by the ransomware gang.
Source: BBC News