Malware attack on Travelex affects UK forex services/Tesco bank

News by Chandu Gopalakrishnan

Malware attack on UK-based currency exchange company Travelex's systems spilled over to foreign exchange services of major financial brands

The 31 December malware attack on UK-based currency exchange company Travelex has had a spillover effect on its partner businesses in foreign exchange. 

The forex services of major financial business brands such as Barclays, First Direct, H&T Pawnbrokers, HSBC, Sainsburys, Tesco and Virgin Travel Money were affected by the cyber-attack on Travelex, tweeted travel money exchange rates data compiler Touchtree.

Travelex went offline on 2 January and tweeted that it is a "precautionary measure in order to protect data and prevent the spread of the virus".

Replying to a customer query, the company tweeted that it is providing foreign currency services at its stores manually.

Travelex has not shared the details of the attack or acknowledged any ransom demand, but assured another customer that the user data is safe.

"Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality," commented Javvad Malik, security awareness advocate at KnowBe4. 

Also read: Half a million Teletext Holidays files unsecured

Travelex delivers the foreign exchange at stores for customers to collect, as well as run the operating the software used to buy the forex. The decision to go offline left the firms that use its services unable to sell currency online.

The travel money section of Virgin Money's website showed an error message. 

The travel money sections of Tesco Bank and Sainsbury Bank websites said the online service is temporarily unavailable, urging the customers to go to physical stores.

First Direct, which is owned by HSBC, conceded that its forex services were not available due to the trouble at Travelex. 

The fact that both the website and mobile app have been taken down shows the growing trend of attackers targeting mobile platforms alongside other channels, said Will LaSala, director of security solutions at OneSpan.

"Mobile app security needs to be baked in from the beginning, not bolted on at the end. App development, whether in-house or outsourced, needs to consider the best security mechanisms to protect the app and importantly, the brand," he said.

Also read: Third parties contribute to 1000% increase in finance sector cyber-crimes

"Travelex has so far handled the incident well due to its quick response time, and it is good to see personal and customer information does not appear to have been breached," noted Iain Kothari-Johnson, financial services lead for cyber-security at Fujitsu UK.

"Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust," he said. 

"While nearly all banks will have a disaster recovery strategy in place, as shown by Lloyds, Halifax and Bank of Scotland, it’s clear that these plans are not enough to ensure banking organisations remain online, regardless," said Steve Blow, UK systems engineering manager at Zerto.

Also read: Financial services remain low-hanging fruit for cyber-criminals

"Many UK consumers will be familiar with their banks taking ‘scheduled downtime’ during the evening as one of those simple facts of life, but there are increasing headlines about the disruption of a cyber-attack or updating error."

According to the FCA, downtime from the likes of a cyber-attack or an outage is not just a technology risk but a human risk too. To prevent these going forward, banks should make having an IT resilience strategy that prevents as much downtime as possible and ensures quick recovery, he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews