Travelex has insisted there is no evidence any personal customer data has been encrypted or "exfiltrated" – or stolen – after the foreign exchange firm fell foul of a New Year’s Eve ransomware attack, despite the purported hackers reportedly demanding nearly £5 million to decrypt key computer files.
However, the company has admitted it doesn’t yet have a "complete picture" of all the data that has been affected.
The forex giant said it took down its websites following the attack as a precaution to prevent a "software virus" from spreading. They still, however, display a message stating they are down for "planned maintenance".
It was confirmed on Tuesday (7 January) the Metropolitan Police in London is leading an investigation into the attack, which it described as a "reported ransomware attack involving a foreign currency exchange".
Travelex has stated it is working with police and is coordinating the recovery operation from its UK offices. A team of external cybersecurity experts are assisting with its efforts.
In a fresh statement, reported by the BBC on Tuesday, Travelex confirmed reports it was dealing with Sodinokibi or REvil ransomware, which has allowed the perpetrators to encrypt key computer files.
The group behind the attack is understood to have demanded a ransom worth in the region of $6 million (£4.6 million) from Travelex to decrypt the data, which it says – contrary to Travelex – includes personal data, payment card information and national insurance numbers.
The Information Commissioner’s Office said in a statement it is yet to receive a report of a data breach from Travelex, stressing organisations must notify the ICO within 72 hours of any personal data breach.
"If an organisation decides a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary," the ICO added.
Travelex said it had taken successful proactive steps to contain the spread of the ransomware. "To date, the company can confirm that while there has been some data encryption, there is no evidence structured personal customer data has been encrypted.
"While Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date any data has been exfiltrated. Having completed the containment stage of its remediation process, detailed forensic analysis is fully under way and the company is working towards recovery of all its systems.
"Travelex has been able to restore a number of internal systems, which are operating normally. The company is working to resume normal operations as quickly as possible."