Travelex are the latest company to be compromised by a group known as REvil on New Year’s Eve. The website has been offline since that day for over 30 countries in a minor attempt to “save data”, even though the hackers claim to have had access to the data for 6 months.
The hackers are claiming to have access to customers personal data such as date of birth, credit card details, national insurance numbers etc. They are threatening Travelex that they will release this information unless they pay £4.6m ($6m USD).
But how did they get into this situation? A company that claims to be the “world’s largest foreign exchange bureau” that is handling millions of people’s data should already have security measures in place to prevent cyber-attacks.
Customers of Travelex who placed orders online say that they are currently in “limbo” and have not received any money in any currency as of yet. The cash desks are only able to handle money using the old-fashioned pen and paper style to keep the business going.
It doesn’t help the fact that the company has tried to “hide” the situation by stating the website is down for “planned maintenance” and only confronting the severity of the situation updating their website a whole week after the revelation.
Do they pay the £4.6m and hope that they still don’t reveal the data? Or call their bluff? I know which I would choose…