Travelex, a global foreign exchange company with hundreds of stores across the USA alone, is being held hostage by hackers demanding $6 million ransom. The cybercriminals from a gang known as Sodinokibi and REvil, claim that they are in possession of approximately 5GB of what they say is very sensitive data. They claim the stolen data consists of national identification numbers, dates of birth, and credit card information.
The details of US citizens are likely in the stolen information
As of January 9th, the company’s website is still not fully operational and shows a press release issued on Jan 7th, 2020. It states that on Tuesday, December 31st, 2019, Travelex detected a software virus that had compromised some of its services and informs the website visitors that Travelex immediately took all its systems offline to prevent the spread of the virus further across the network. According to the same press release published on the website, the company does not yet have a complete picture of all the data that has been encrypted by the ransomware, and there is still no evidence to date that any data has been exfiltrated.
The hackers claim that apart of locking Travelex systems with ransomware, they managed to get access six months ago and had plenty of time to extract sensitive information from Travelex customers. The criminals threaten to auction the information to the highest bidder if Travelex continues to refuse to pay the ransom. The gang initially asked for $3 million, but the sum doubled after two days of non-payment. If Travelex refuses to comply with the terms of the hackers, they say they will sell the stolen information to the highest bidder.
The hackers are not the only problem of Travelex at the moment. The Information Commissioner’s Office (ICO) said that they have not received a data breach report from Travelex. Under General Data Protection Regulation (GDPR), a company that fails to notify the ICO within 72 hours can face a fine of up to 4% of its global turnover. Travelex has approximately 150 million transactions per year and manages roughly $115 billion for customers. Travelex is also battling bad publicity generated by customers whose funds have been in limbo for days.
The stolen data is an additional bargaining chip when it comes to dealing with companies who refuse to pay the ransom – sometimes, companies probably have to decide between paying a hefty fine for GDPR violations or paying the hackers. Reuters reported that Travelex employees had to get back to basics serving thousands of customers using pen and paper. As of January 9th, the global Travelex blackout continues.
If you are a Travelex customer living in the USA, now it may be a good time to consider freezing your credit and updating the antivirus software on all your connected devices.
I am wondering why Panda has just released this with a title tag of SIX HOURS ago, when the attack actually happened TWO DAYS ago???