Recently, the CEO of Travelex broke the silence on the cybersecurity breach that tore into the company, resulting in a $6 million ransom demand from hackers. While this isn’t the first time the travel industry has been hit with an attack, experts are anticipating more on the horizon.
On December 31st of 2019, Travelex suddenly went offline. This global financial services company has 30 different websites around the world—and they all went down simultaneously. Customers across the globe were immediately unable to access their accounts.
Since Travelex specializes in serving business travelers, its abrupt shutdown left countless people stranded in other countries, unable to access their money. The firm’s 1,200 branches and kiosks, in over 70 countries, were reduced to using pencil and paper to process their transactions. And since Travelex is also the backend processor for a number of other financial companies (including large international banks such as Barclays and HSBC), many of these organizations were unable to fulfill foreign currency orders for their customers worldwide.
This disaster went on for more than a month. It took Travelex over 30 days to restore its sites, and longer than that to restart its backend services to banks. Executives have not revealed the amount of revenue lost during this time, but obviously it is considerable. The company’s stock price fell by more than one-third. And now there is an incalculable amount of anger and distrust from its customers. Whether or not this company will overcome these circumstances is an open question.
What caused this catastrophe?
After the shutdown, Travelex’s websites stated that service was “temporarily unavailable due to planned maintenance.” A week later, this was revealed to be untrue. The company admitted that it had been hit with a Sodinokibi ransomware attack. Hackers had broken into its network, had copied and stolen gigabytes of customer data, and then encrypted the data that remained, making it unavailable to Travelex’s system. The attackers demanded a $6 million ransom for the decryption key.
Travelex executives have not said whether or not they paid the ransom. The hacker group responsible for the attack (named REvil) has said that they did, and the fact that Travelex is finally back online lends some credence to this. However, the month-long interruption of service implies that there was a substantial delay in doing so.
A massive data breach
This incident caused turmoil in global financial markets, and directly affected many business travelers who were outside of their home countries, but were unable to access the financial services that they needed.
A much longer-lasting effect is the potential theft of customer data. The attackers claim to have exfiltrated gigabytes of customer account data. Although Travelex has denied this, financial account credentials are incredibly valuable on the black market. This information is one of the first things that a rational threat actor will pursue, and the attackers had access to Travelex’s network to do it, so it’s likely that this theft occurred.
According to some reports, several hundred thousand customers might have had their Personally Identifying Information (PII) and financial details compromised in this attack.
Lessons we can learn
The Travelex breach provides several lessons in dealing with cyberattacks.
Some industries are more attractive to hackers. Ransomware attacks work best against companies with large amounts of customer accounts that can be encrypted and locked up. Data theft attacks work best against companies with a lot of valuable customer data that can be stolen. Travelex straddles two industries (travel and financial services) that meet both criteria.
The Internet is key—and so is web security. Many companies, including most travel and financial firms, are heavily dependent on the web for revenue, and any disruption of their web presence can be destructive to their bottom lines. Furthermore, an “online problem” can quickly spread offline; the Travelex attack not only brought down dozens of websites, it also paralyzed 1,200 physical locations across the globe.
Don’t be complacent. Sometimes, executives at large companies seem to assume that their firm’s size makes them resistant to cyberattacks. Travelex is a global company, serving travelers in 70 different nations, and providing backend services to multinational banks. Yet, it was crippled by a single ransomware infection.
Complacency can be expensive. Travelex has already lost an unknown (but no doubt, substantial) amount of revenue from its long shutdown. Now it will also face punitive fines from privacy regulators: because Travelex has customers in Europe and the UK, it is subject to both the GDPR and UK data privacy laws. It is therefore legally obligated to report potential compromises of customer PII within 72 hours, but its executives did not do this.
Other recent examples among travel and financial companies include British Airways, where 500,000 customer accounts were compromised, resulting in a $230 million fine; Capital One, where 106 million compromised accounts cost the bank almost $150 million in fraudulent transactions; and Marriott Hotels, which was fined $126 million after a security breach.
Keep your systems updated. To attack Travelex, hackers apparently exploited a critical vulnerability in Pulse Secure VPN servers, which is a popular vector for Sodinokibi attacks. This was not a zero-day exploit; it was announced publicly in April 2019, and a software patch was issued at that time. But Travelex did not install the patch immediately. By the time it did, it was too late and the hackers had already broken into its network.
Be honest. Travelex’s claims about “planned maintenance,” and its other attempts at covering up this disaster, have only increased public anger at the company. Being truthful and factual is key.
The best way to prevent breaches
Updating networks and patching servers is obviously crucial, but as the Travelex breach shows, these tasks aren’t always done in a timely fashion. Although an eight-month delay is inexcusable, it’s still true that most companies struggle with deploying patches immediately.
However, modern technologies can solve this challenge. There are a number of web security solutions that run in the cloud. These platforms intercept and block hacking attempts before the traffic even reaches the targeted network. Most are fully managed by the provider, so when a new vulnerability becomes known, the security platforms are updated remotely and immediately. They gain the ability to recognize and block the incoming requests that are designed to exploit that vulnerability. Therefore, even if the target’s backend servers have not yet been patched, this won’t matter, because the attack traffic will never reach them.
Cyberattacks are a part of modern life and Travelex is only the latest in a continuing series of high-profile security disasters. No doubt, more will occur soon. Keeping these lessons learned in mind will help make sure that your organization won’t be among them.