Foreign exchange financials company Travelex has suspended its UK-based digital services offline since New Year’s Eve, following the discovery of an undisclosed malware program.
As of Jan. 3 at 11:30 a.m. ET, the London-based company remains unable to conduct monetary transactions via its website or app. Services are still being conducted manually, however.
“We have deployed teams of IT specialists and external cybersecurity experts who have been working continuously since New Year’s Eve to isolate the virus and restore affected systems,” reads a company statement on Twitter. “We are doing all we can to restore our full services as soon as possible.”
Travelex has not specified if the malware is a variant of ransomware or some other breed of threat. However, the company says is has not seen any evidence suggesting that customer data was compromised.
Multiple Twitter users who appear to be Travelex customers have replied to the company’s disclosure, complaining that they are unable to obtain money while traveling. In addition to currency exchange, the company’s services include international payments and prepaid credit cards.
“We regret having to suspend some of our services in order to contain the virus and protect data,” said Tony D’Souza, Travelex’s chief executive, according to the UK’s The Guardian. “We apologize to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible.”
The company added: “Our investigation to date shows no indication that any personal or customer data has been compromised. We’ve deployed teams of IT specialists and external cyber security experts who’ve been working continuously since New Year’s Eve to isolate the virus and restore the systems.”
Travelex is owned by Abu Dhabi-based finance company Finablr.
“The Christmas-New Year period is ideal for phishing and other socially engineered attacks,” said Colin Bastable, CEO of Lucy Security, in emailed comments. “People are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email.”