Australian banks which rely on Travelex to provide foreign currency services have been impacted by a ransomware attack on the UK-based company.
Travelex took all its systems offline when it first detected a software virus that had compromised some of its services on New Year’s Eve. The attack is still causing headaches for the company, as well as its banking clients, well into the new year.
The WSJ reported that the shutdown meant banks that rely on Travelex to supply cash in foreign currencies were unable to take orders from customers. The banks’ online retail foreign-currency exchange services, which are outsourced to Travelex, were also shut off, according to the report.
Meanwhile, the BBC reported that Travelex cashiers are using pen and paper to exchange money at cash desks in airports and on the High Streets.
Which-50 understands the issue is impacting a number of banks locally, with Westpac and Bendigo and Adelaide Bank confirming some of their customers’ currency orders, normally processed by Travelex, were unable to be fulfilled.
A Westpac spokesperson said, “We are aware of a cyber incident being experienced by our supplier Travelex which is impacting its ability to issue foreign currency to our customers. We have been working with Travelex to understand the impact on Westpac Group customers and will continue to work with them while they thoroughly investigate the matter.
“In the meantime, customers with current orders should attend their local branch for assistance. Our Global Currency Card is also available for our customers and details can be found on each of our brands’ websites.”
A spokesperson for Bendigo and Adelaide Bank told Which-50 the organisation is actively engaging with Travelex as it works to resolve the issue.
“The Bank is amongst many financial organisations around the world impacted by the Travelex security incident. Whilst we haven’t been able to fulfil some retail orders, we can still fulfil major currency orders for our customers. No Bendigo Bank customer data has been breached,” the spokesperson said.
Travelex confirmed that Sodinokibi ransomware, also known as REvil, had compromised its systems. The attackers’ goal is to encrypt victims’ files and then demand payment in return for a decryption tool.
Travelex said there has been some data encryption but there is no evidence that structured personal customer data has been encrypted. It also says there’s no evidence data has been exfiltrated from its systems.
“Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” the company said in a statement published on its website.
Travelex is working with the National Crime Agency (NCA) and the Metropolitan Police in the UK, which are conducting their own criminal investigations.