UK based data currency exchange Travelex suffered a ransomware attack on New Year’s Eve. A ransomware gang called Sodinokibi has told the BBC it is behind the hack and wants Travelex to pay $6m (£4.6m). Sodinokibi also claims that they accessed the network 6 months ago and have stolen 5GB of sensitive customer data. The type of information they claim to have includes dates of birth, credit card information and national insurance numbers.
The hackers said: "In the case of payment, we will delete and will not use that [data]base and restore them the entire network. The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."
Travelex has since shut down its website across 30 countries. It has been offering only over-the-counter services since New Year’s Eve. Travelex is still conducting currency exchanges, but only by hand, based on rates issued each morning from its headquarters. London branches of Travelex are permitting ATMs withdrawals only in pounds and the screens that usually show the exchange rates offered for each currency are blank. Travelex has contacted local police and they are conducting an investigation, but as of yet, the company has not reported a data breach, according to the Information Commissioner’s Office, a British government agency that enforces data-protection laws.
While having to shut down computer systems and do all the work manually is a huge strain for the company and its customers, what is most troubling is the fact that the hackers may have all that sensitive data in their possession. According to Bleeping Computer, Sodinokibi believes that Travelex will pay “one way of another.” While Travelex claims there investigation so far doesn’t show evidence of any data leak, Sodinokibi says, "If this were true, they would not bargain with us now. On the other hand, we do not care. We will still benefit if they do not pay. Just the damage to them will be more serious." While the hackers didn’t detail how they would benefit if they do not pay, it is thought that they have a buyer(s) interested in this information. Hackers have more recently threatening to release information as leverage to get companies to pay the ransom.
Should what Sodinokibi claim is true, and the data is released, Travelex could also come under scrutiny from data protection authorities. At that point, it would be classified as a data breach and notifications will have to be made to the Information Commissioner’s office and to affected customers. Under European data privacy law, companies can be fined for being hacked if regulators determine that they did not do enough to protect the information. Between fines and class action lawsuits, this attack could cost Travelex even more.
Don’t let what happened to Travelex happen to you. You need to have a plan in place in case something like this happens to you. Contact Uzado today to learn how to deal with a breach.