Expert Comments

COMMENT: Travelex Forced To Take Down Site Following Cyber Attack

Expert(s): Security Experts
Expert(s): Security Experts

Travelex has been forced to take down its website after a cyber attack, a decision that has affected other services that use its services, including Tesco Bank. 

The foreign-currency seller has been working on the issue since the software virus attack on New Year’s Eve. 

Experts Comments

January 03, 2020
Colin Bastable
CEO
Lucy Security
The Christmas/New Year period is ideal for phishing and other socially-engineered attacks – people are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email. Travelex makes for a juicy target – it is somewhat surprising that they were breached, but at any given time, up to 30% of employees can easily fall for phishing attacks, which are responsible for over 90% of losses from.....Read More
The Christmas/New Year period is ideal for phishing and other socially-engineered attacks – people are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email. Travelex makes for a juicy target – it is somewhat surprising that they were breached, but at any given time, up to 30% of employees can easily fall for phishing attacks, which are responsible for over 90% of losses from cybersecurity breaches.  Read Less
January 03, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality. Websites are the face of a company and are subject to the most attacks. It is important for companies to conduct regular security checks such as penetration testing, as well as vulnerability scan and regular.....Read More
Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality. Websites are the face of a company and are subject to the most attacks. It is important for companies to conduct regular security checks such as penetration testing, as well as vulnerability scan and regular assurance checks against the processing to ensure all public-facing aspects are up to date and running as secure as possible. Not only does such an attack bring services down, but depending on the vulnerability exploited and the duration for which it goes undetected, it can impact customers too.  Read Less
January 03, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Travelex has been tight-lipped about the details of the virus so far. Given that no customer data was leaked, I suspect the attack was intended to disrupt services rather than covertly steal information. Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details. While customer info seems to be safe, that doesn't mean their funds are. A shutdown like this can cause a lot of financial damage as a result of.....Read More
Travelex has been tight-lipped about the details of the virus so far. Given that no customer data was leaked, I suspect the attack was intended to disrupt services rather than covertly steal information. Data breaches usually happen quietly unbeknownst to the victim. Ransomware seems a likely culprit, but it's difficult to say without more details. While customer info seems to be safe, that doesn't mean their funds are. A shutdown like this can cause a lot of financial damage as a result of lost business, as well as reputational damage that can lead to other businesses breaking ties and looking elsewhere for Forex services.  Read Less
January 23, 2020
Karl Sigler
Threat Intelligence Manager
Trustwave SpiderLabs
As many were ringing in the new year, Travelex was forced to take a step back in time and handle foreign exchange services manually. The ransomware attack hit during one of the busiest travel seasons of the year, affecting travellers not only in the UK but in other countries as well. And travellers weren’t the only ones affected. Companies that use Travelex travel money services, including Asda and Tesco Bank were required to shut down their online travel money services. As the end is only.....Read More
As many were ringing in the new year, Travelex was forced to take a step back in time and handle foreign exchange services manually. The ransomware attack hit during one of the busiest travel seasons of the year, affecting travellers not only in the UK but in other countries as well. And travellers weren’t the only ones affected. Companies that use Travelex travel money services, including Asda and Tesco Bank were required to shut down their online travel money services. As the end is only starting to come into sight for this costly and serious cyber-criminal threat, what can businesses do to minimise their risk of a costly and serious cyber-criminal threat and that of their customers? It’s important to note that the size of the company is irrelevant. SMEs are exploited as frequently as larger organisations such as Travelex. The difference is in the limited manpower and expertise that smaller companies have at their disposal to proactively guard themselves. This is where partnering with an MSP that specialises in business continuity and disaster recovery (BCDR) technology is necessary. Waiting to put safeguards in place should not even be an option. As the frequency of cyber-criminal attacks continue to rise, it’s more important than ever to have the right solution deployed. To ensure downtime is kept to an absolute minimum should an attack happen, businesses need the ability to quickly and easily recover files or even their business infrastructure. This is where the right BCDR technology solution can make all the difference.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts