Warnings following Travelex ransomware attack

January 9th 2020

The Travelex website is still disabled, and many of its customers left with no travel money, following detection of a ransomware virus which compromised some of its services on New Year’s Eve. But Get Safe Online has also highlighted potential fraud issues, which invariably follow as a result of hacks such as this.

The virus, placed by an organised crime group (OCG) known as Sodinokibi or REvil, has been contained, according to the company. In a press release issued on Tuesday, which also appears as the sole page on its website, the foreign currency trader also states: “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.”

However, contacting the BBC, the group – which is demanding a $6 million (£4.6 million) ransom – has said that it downloaded 5GB of sensitive customer data including dates of birth, credit card information and national insurance numbers. It added “In the case of payment, we will delete and will not use that (data)base and restore them the entire network. The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”

In the meantime, customers have been left with no travel money from the company, which also provides a currency service for companies such as Tesco, Sainsbury’s, Virgin Money and some mainstream banks. At locations such as airports and high street Travelex outlets, cashiers have had to resort to using pen and paper.

But a potentially more serious consequence of the hack is a raft of frauds, with cybercriminals taking advantage of the situation to commit fraud or identity theft – or both. Typically, they contact potential victims via email, phone call, text message or even social media claiming to be either from Travelex or perhaps a third-party compensation claims company. They will be seeking logins and other confidential details.


Tony Neate, Chief Executive, Get Safe Online commented: “We are as yet unaware of the full details regarding the Travelex ransomware attack but there is some simple advice that we can provide to consumers, and in particular Travelex customers, who may be anxious at this time.

“Firstly, as a precaution, customers should change their password on any online accounts they hold with Travelex. If you have used the same password on other online accounts, then these should be updated too, making sure you use a different password for each account.

“Secondly, with incidents such as these, we often see an influx of further criminal activity as opportunistic cybercriminals contact you via email, phone or other means. Whether you’re a Travelex customer or not, be wary of these and never provide personal information without checking the authenticity of the request first. You can do this by calling on a number you know to be correct. It’s better to be safe than sorry.”

Neate also pointed out that the situation highlights to any businesses of any size, the importance of keeping their website safe from unauthorised intrusion.

You can listen to him talking about the attack with BBC World Service, here:

For further information on how to stay safe online visit

Written by

In partnership with