Travelex CEO Tony D’Souza has provided an update on the ransomware attack that first took down the foreign currency firm on New Year’s Eve, stating that the “first customer-facing systems in the UK are now up and running”.

The hack has had a ripple effect on the majority of the UK’s high street banks, which have been unable to process online orders for foreign currency.

“We have already restored some of our internal and order processing systems and are now starting to restore customer-facing systems, some of which are now successfully live in the UK,” said D’Souza in a video statement posted on

He added that the firm has “started restoring forex order processing electronically in our UK stores and in some of our UK retail partner locations, and we are also now starting our VAT refund service in UK airports”.

Sodinokibi, the ransomware group behind the hack, had demanded £4.6m to restore Travelex’s systems. The cybercriminals also claimed to have stolen customers’ personal data – including payment card information – and threatened to release it to the public domain unless Travelex paid up. Travelex has not said if any ransom was paid.

Since this claim, Travelex has insisted that no customer data was compromised. In today’s update D’Souza repeated this stance, stating that “to date, we have not uncovered any evidence to suggest that any customer data has left the organisation”.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Travelex update: Questions remain over attack method

The Travelex update comes 18 days after the company’s systems were attacked. It is still unclear exactly how the cybercriminals were able to compromise the exchange’s network.

D’Souza said that it’s “not appropriate” to provide any information on how the cybercriminals infiltrated Travelex’s system while the matter is still under investigation.

“When we discovered the virus, we took the tough decision to first isolate the parts of the business where it was initially found and then take down the rest of our systems,” said D’Souza.

“This enabled us to prevent its spread and minimise the damage.”

He added that the majority of the business “did in fact remain operational”. This is likely to raise eyebrows among the Travelex staff who have been forced to use a pen and paper to serve customers, as well as customers who have been unable to access currency they had already purchased.

“We could – and did – continue to provide many of our customer services through our retail outlets, even though some of the central systems necessary to provide online services and manage our wholesale and outsourcing services were unavailable,” he said.

D’Souza said that today is the “first opportunity” he has had to speak to customers directly about the ransomware attack because of “a number of technical, commercial, legal and regulatory complexities that we needed to work through in the immediate aftermath of the attack”.

Ed Williams, director EMEA at cybersecurity firm Trustwave said:

“Not being part of this investigation it’s difficult to know the detail; however,  our recommendation is to never pay the ransom because paying helps fuel the criminal industry. Sufficient policy and procedures covering data back up and disaster recovery should be in place to help mitigate this type of attack. Their Business Continuity Planning (BCP) process should be kicking in and ensuring core business is running.

“As part of this policy and procedure, I would expect complete transparency such that customers and clients can make appropriate decisions and keep a watchful eye to ensure that their data isn’t being misused by the threat actors. Communication in events of this nature is critical, we know that ransomware attacks happen and are becoming more frequent and not being open degrades trust.”

Read more: Travelex hack hits high street banks, showing dangers of “interconnectivity and dependence”