Comments On News: Barclays, Lloyds, RBS And HSBC All Hit By Travelex Cyber Attack

It has been reported that some of the UK’s biggest high street banks have been impacted following the cyber attack on Travelex – with Royal Bank of Scotland, HSBC and Barclays among those left with no online travel money services. More than a dozen of the major banking players, also including Lloyds Banking Group and Virgin Money, said their online foreign currency systems are down following the New Year’s Eve attack on Travelex. Many are offering customers services in branches, but orders cannot be processed online.


3 Expert Comments
Felix Rosbach, Product Manager
InfoSec Expert
January 10, 2020 4:01 pm

Working with third parties and sharing sensitive customer data always comes with high risks. Missing control over the infrastructure of third parties makes it utterly impossible to prevent attackers from getting access to such a complex network.

Until a breach is completely analyzed by forensic experts you can’t be sure if or what data is affected – this is true for your whole network and also your partners. The best thing for banks like HSBC, Lloyds Banking Group and Virgin Money – who are working with Travelex – is to take the affected online services offline until forensics and recovery are done.

Focusing on a data-centric security strategy to make sure that data is protected and access to it is restricted all the time – even in third party networks – is the best any organization can do to reduce the risk of a breach. Third parties should only use tokens instead of clear-text data to process payments and store sensitive data. If hackers get access to these tokens, the data is useless. Protecting data is more important than just preventing breaches.

Javvad Malik, Security Awareness Advocate
InfoSec Expert
January 10, 2020 3:05 pm

The Travelex issue is rapidly becoming the gift that keeps on giving. After being hit with ransomware, the response from Travelex will certainly be showcased in the future as a prime example of how not to respond to a cyber incident.

The lack of transparency about the extent of the impact to systems, customers, and partners is clearly having a knock-on effect on banks.

With the criminals behind the attack demanding USD $6m, the chances of them receiving a payment grow each day that Travelex is unable to operate.

However, ransomware is only one part of the woes. The criminals also claim to have customer data which they are threatening to release unless payment is made. If it is true that the criminals have gotten a copy of Travelex’s customer data – then there is a much larger issue at hand.

Sam Curry, Chief Security Officer
InfoSec Expert
January 9, 2020 1:26 pm

The latest Travelex drama is neither unexpected nor surprising considering they have been mostly offline since the ransomware attack in late December. The bottom line is we are getting into a more fragile world, and we need to beef it up now. Overall, the inability of some of the world’s largest banks to service their customers with online currency highlights the degree of interconnectivity and dependence in the new international economic order.

Would anyone have flagged Travelex before the ransomware incident as critical infrastructure? Maybe. Maybe not. In the end, the ripple effects of even a delay in service with this one company are spreading. Globalised economies become increasingly interdependent with multiple points of failure progressively over time. The lesson is that it’s not just about you and your obvious supply chain. Anti-fragility and resilience are critically important to us collectively. There are lessons here no doubt that will emerge about how to handle an incident or how not to. Time will tell. But there are also lessons for us to look at collectively. With less distance than ever before between any two points in the connected world, the potential for even relatively small players to cause cascade failures needs to be understood and better modeled. The extent of the pain from Travelex with other companies and customers has yet to be seen and won’t until the dust settles.
