Comments On News: Barclays, Lloyds, RBS And HSBC All Hit By Travelex Cyber Attack

It has been reported that some of the UK’s biggest high street banks have been impacted following the cyber attack on Travelex – with Royal Bank of Scotland, HSBC and Barclays among those left with no online travel money services. More than a dozen of the major banking players, also including Lloyds Banking Group and Virgin Money, said their online foreign currency systems are down following the New Year’s Eve attack on Travelex. Many are offering customers services in branches, but orders cannot be processed online.

Experts Comments

January 09, 2020
Sam Curry
Chief Security Officer
Cybereason
The latest Travelex drama is neither unexpected nor surprising considering they have been mostly offline since the ransomware attack in late December. The bottom line is we are getting into a more fragile world, and we need to beef it up now. Overall, the inability of some of the world's largest banks to service their customers with online currency highlights the degree of interconnectivity and dependence in the new international economic order. Would anyone have flagged Travelex before the ransomware incident as critical infrastructure? Maybe. Maybe not. In the end, the ripple effects of even a delay in service with this one company are spreading. Globalised economies become increasingly interdependent with multiple points of failure progressively over time. The lesson is that it’s not just about you and your obvious supply chain. Anti-fragility and resilience are critically important to us collectively. There are lessons here no doubt that will emerge about how to handle an incident or how not to. Time will tell. But there are also lessons for us to look at collectively. With less distance than ever before between any two points in the connected world, the potential for even relatively small players to cause cascade failures needs to be understood and better modeled. The extent of the pain from Travelex with other companies and customers has yet to be seen and won’t until the dust settles.
January 10, 2020
Felix Rosbach
Product Manager
comforte AG
Working with third parties and sharing sensitive customer data always comes with high risks. Missing control over the infrastructure of third parties makes it sheer impossible to prevent attackers from getting access to such a complex network. Until a breach is completely analyzed by forensic experts you can’t be sure if or what data is affected – this is true for your whole network and also your partners. The best thing for banks like HSBC, Lloyds Banking Group and Virgin Money - who are working with Travelex - is to take the affected online services offline until forensics and recovery are done. Focusing on a data-centric security strategy to make sure that data is protected and access to it is restricted all the time – even in third-party networks - is the best any organization can do to reduce the risk of a breach. Third parties should only use tokens instead of clear-text data to process payments and store sensitive data. If hackers get access to these tokens, the data is useless. Protecting data is more important than just preventing breaches.
January 10, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
The Travelex issue is rapidly becoming the gift that keeps on giving. After being hit with ransomware, the response from Travelex will certainly be showcased in the future as a prime example of how not to respond to a cyber incident. The lack of transparency about the extent of the impact to systems, customers, and partners is clearly having a knock-on effect to banks. With the criminals behind the attack demanding USD $6m, the chances of them receiving a payment grow each day that Travelex is unable to operate. However, ransomware is only one part of the woes. The criminals also claim to have customer data which they are threatening to release unless payment is made. If it is true that the criminals have gotten a copy of Travelex's customer data - then there is a much larger issue at hand.