Customers of Travelex say they feel let down after being left with no travel money from the company which is in the midst of a cyber-attack.
One customer, Natalie Whiting from Stevenage, ordered £1,000 worth of euros online through Tesco.
“I haven’t been able to get a refund of my money, it just seems to be in limbo,” she told the BBC.
On Tuesday, the foreign currency trader confirmed that it is the victim of a ransomware attack.
The criminals behind the hack told the BBC they are demanding $6m (£4.6m) or company computer systems will be deleted and customer data sold online.
Business partners which rely on Travelex for currency services, like Sainsbury’s, Tesco and Virgin Money have also been affected.
“I ordered over £1,000 of euros from Tesco bank online for collection in my local Tesco store on 31 December, ready to be collected on 3 January,” Ms Whiting told the BBC.
“The money was taken from my account and an order confirmation was sent to me, but I went to Tesco to collect my euros last Friday to be told of the Travelex issue.
“I am now £1,000 out of pocket after saving up for so long and there’s no information or help.”
Travelex confirmed to the BBC that no direct communication had been sent to customers about the attack, partly because all the computer systems are offline.
Visitors to the Travelex UK website are told that the site is down for “planned maintenance” and partner sites, including Sainsbury’s travel money, have similar messages.
Stephen Wright, from Banff in north-east Scotland, is also furious with the way the company is handling the incident.
He said: “I ordered euros on 23 December from Tesco bank. Delivery was due on 3 January but obviously, due to the problem with Travelex, nothing has yet arrived.
“There has been no communication from Tesco bank, so I called them. They simply say there is nothing they can do, that I must just wait until the problem is rectified, whenever that will be.
“I have been forced to purchase more euros elsewhere, leaving me considerably out of pocket.”
No ICO report
A ransomware gang called Sodinokibi carried out the attack.
The gang, also known as REvil, claims it first gained access to the company’s computer network six months ago and has since downloaded 5 gigabytes of sensitive customer data.
Dates of birth, credit card information and national insurance numbers are all in their possession, they claim.
However, a Travelex spokeswoman said on Tuesday night in a statement: “Whilst the investigation is still ongoing, Travelex has confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil.”
“Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful. To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.
“Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.”
The Information Commissioner’s Office (ICO) said it had not received a data breach report from Travelex.
A spokeswoman added: “Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people’s rights and freedoms.
“If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary.”
Under General Data Protection Regulation, a company which fails to comply can face a maximum fine of 4% of its global turnover.
The Metropolitan Police says its Cyber Crime team is leading the investigation into the attack.
Travelex has not said whether or not they are negotiating with the hackers and have not given any timeframe for when normal service will resume.