Threat Management, Malware

Travelex sidelines online financial services following malware discovery

Foreign exchange financials company Travelex has suspended its UK-based digital services offline since New Year's Eve, following the discovery of an undisclosed malware program.

As of Jan. 3 at 11:30 a.m. ET, the London-based company remains unable to conduct monetary transactions via its website or app. Services are still being conducted manually, however.

"We have deployed teams of IT specialists and external cybersecurity experts who have been working continuously since New Year's Eve to isolate the virus and restore affected systems," reads a company statement on Twitter. "We are doing all we can to restore our full services as soon as possible."

Travelex has not specified if the malware is a variant of ransomware or some other breed of threat. However, the company says is has not seen any evidence suggesting that customer data was compromised.

Multiple Twitter users who appear to be Travelex customers have replied to the company's disclosure, complaining that they are unable to obtain money while traveling. In addition to currency exchange, the company's services include international payments and prepaid credit cards.

"We regret having to suspend some of our services in order to contain the virus and protect data," said Tony D'Souza, Travelex's chief executive, according to the UK's The Guardian. "We apologize to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible."

The company added: “Our investigation to date shows no indication that any personal or customer data has been compromised. We’ve deployed teams of IT specialists and external cyber security experts who’ve been working continuously since New Year’s Eve to isolate the virus and restore the systems.”

Travelex is owned by Abu Dhabi-based finance company Finablr.

"The Christmas-New Year period is ideal for phishing and other socially engineered attacks," said Colin Bastable, CEO of Lucy Security, in emailed comments. "People are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email."

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.