Currency exchange company Travelex has begun issuing refunds to customers after it was targeted by hackers.
The huge cyber-attack forced the company to shut down all of its computer systems – but its website is still down two weeks on from being hacked.
Refunds ‘where appropriate’
The foreign exchange site was the victim of a software virus on New Year’s Eve (31 Jan) and was held to ransom by hackers, forcing it to take down its websites across 30 countries to contain the virus and protect data.
Staff in branches were left using pen and paper as a result, while customers struggled to access their refunds.
In an update issued on its website, Travelex confirmed it has now begun refunding customers “where appropriate”, although it didn’t specify how it is deciding who to refund first.
Tony D’Souza, CEO of Travelex, said, “We continue to make good progress with our recovery and have already completed a considerable amount in the background.
“We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week.”
Customers who are still awaiting refunds are advised to get in touch with the company to discuss their specific situation.
Held to ransom
Travelex was reportedly targeted by a ransomware gang called Sodinokibi, who are said to be threatening to release personal customer information unless they are paid £4.6 million.
The gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data.
The company says there is no evidence to suggest customer data has been accessed.
The Metropolitan Police is currently leading the investigation on the attack, which was reported on 2 January.
In a statement issued on social media at the time, Travelex warned the cyber attack had “compromised some of its services”, stating: “As a precautionary measure to protect data and prevent the spread of the virus, we immediately took all of our systems offline.”
Advice for customers
The company apologised to customers for the inconvenience caused, but reassured them that their investigation “to date” had not shown that any personal or customer data has been compromised.
They said a team of IT specialists and cyber security experts had been “working continuously since New Year’s Eve to isolate the virus and restore affected systems.”
Customers with any issues caused by the shutdown of Travelex’s website were advised to use Twitter to contact the company’s customer care team.
“Please DM [Direct Message] any queries so that we can try to help resolve any issues as quickly as possible,” the statement said.
Travelex’s network of branches around the UK are still operational, and are providing foreign exchange services manually.