Last week we reported on the outage at Travelex – they were hit with malware. We surmised it was ransomware as they took systems offline to keep it from spreading. We reached out to the company to determine if we were correct as they did not immediately respond. We did get a response worth sharing – although they did not clarify if ransomware was the culprit:

Travelex confirms that a software virus was discovered on New Year’s Eve which has compromised some of its services. 

As a precautionary measure in order to protect data and prevent the spread of the virus, Travelex immediately took all its systems offline.  Our investigation to date shows no indication that any personal or customer data has been compromised.

The company’s network of branches continues to provide foreign exchange services manually.

Travelex has deployed teams of IT specialists and external cyber security experts who have been working continuously since New Year’s Eve to isolate the virus and restore affected systems.

We regret having to suspend some of our services in order to contain the virus and protect data.  We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible.

Tony D’Souza, Chief Executive of Travelex

Could this have been prevented?

Possibly. If you want to stay secure, follow these three steps to start:

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phish360 is great and costs nothing to get started. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.