Travelex site taken offline due to cyber attack

2 January 2020, 19:21

Travelex experienced a virus attack
Travelex experienced a virus attack. Picture: PA

By Sylvia DeLuca

Foreign currency service Travelex has been forced to take all its sites offline after it was attacked by a software virus on New Year’s Eve.

Exchange services are having to be handled manually in branches in the aftermath of the cyber attack.

The company that processes 5,000 currency transactions every hour, stressed that its investigations so far suggest no personal or customer data has been compromised.

The attack comes as many holidaymakers are abroad for the Christmas and New Year holidays.

Teams of IT specialists and external cyber security experts have been drafted in to isolate the virus and get affected systems back online.

The decision to take the site down has affected other services that use Travelex, including Tesco Bank.

Twitter users have complained to Tesco Bank about the issue. Tesco Bank replied to one customer: "We're unable to help with Travel Money queries here as our Travel Money is administered and managed by Travelex.

"In the meantime, you can still visit one of our in-store bureaux to collect or purchase your currency. Sorry for any inconvenience."

Tony D’Souza, chief executive of Travelex, said: “We regret having to suspend some of our services in order to contain the virus and protect data.

“We apologise to all our customers for any inconvenience caused as a result.We are doing all we can to restore our full services as soon as possible.”

Whilst online services are down the company is carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

Travelex says customer data has not been compromised
Travelex says customer data has not been compromised. Picture: PA

The cyber attack comes almost two years after Travelex was involved in another IT crisis, when it mistakenly leaked customer data from thousands of Tesco Bank accounts.

The group shared the database by mistake in March 2018, exposing the details of 17,000 people, including full names, emails, phone numbers, IP addresses and the final digits of bank cards.