Travelex staff put away pens and paper as UK systems come back online

More than two weeks after a crippling ransomware attack forced Travelex staff to use pen and paper to calculate foreign currency exchanges, the company said the first of its customer-facing systems in Britain was up and running again.

The cyber attack forced the company to take all its systems offline, causing chaos for New Year holidaymakers and business travellers seeking online currency services.

A phased global restoration of systems was now "firmly underway", the company said on Friday, adding that an automated order placement service used by a number of its British High Street banking partners was already live.

Travelex, owned by Finablr, provides forex services for customers of HSBC, Barclays, Virgin Money and the banking arms of British retailers Tesco and Sainsbury's.

"We have started restoring forex order processing electronically in our UK stores and in some of our UK retail partner locations, and we are also now starting our VAT refund service in UK airports," Travelex CEO Tony D'Souza said.

A spokesperson for Virgin Money, however, said customers were still unable to place orders via its travel money website, while Tesco Bank and Barclays said their systems were offline. A Royal Bank of Scotland spokeswoman also said its online and in-store systems were both still down.

"We are sorry for the inconvenience to our customers. We are working with Travelex to get our foreign currency service back up as soon as we are able to do so," a Barclays spokesman said.

Travelex said it was in the "advanced stages" of testing the systems supporting bank note orders and its UK international money transfer service.

"Individual firms will have their own processes in place to ensure there is no risk to customers. This could lead to a delay between Travelex restoring its systems and partner firms being able to begin offering related services," banking trade body UK Finance said.

Restoring operations

The company, which has a presence in more than 70 countries, had been forced to serve customers face-to-face at 1,200 locations worldwide.

Travelex had said on Monday that it was restoring operations to process foreign exchange orders electronically. It has said there was no evidence to suggest that customer data has been compromised.

The company has been working with authorities including the National Cyber Security Centre and London's Metropolitan Police, which has launched a criminal investigation.

Global companies are increasingly facing hackers who cripple technology systems with malicious programmes such as ransomware and only stop after receiving substantial payments.

Travelex, which was hit by ransomware called Sodinokibi, has not said if it paid any money to its hackers. British media reports, including from the BBC which said it had spoken with the hackers, have pegged the ransom demand at $6 million.

Neither Finablr nor Travelex has so far indicated how much the incident has cost them.

Source: Reuters 17 January, Bengaluru & London

Reporting: Noor Zainab Hussain, Lawrence White & Iain Withers