It might make sense that as commerce goes ever global, and as banks do an increasing volume of business cross-border, that the hackers and fraudsters would look at FX as a lucrative way to ply their malevolent trade.
And the ripple effect, truly, is international in scope.
News came this week that several banks based in the United Kingdom – including HSBC, Lloyds and Barclays – were essentially hobbled in their foreign exchange operations, rendered unable to take orders from end users (such as travelers) for foreign currencies. The problem ties into the fact that Travelex was held up, in a manner of speaking, for ransom.
Ransomware, to be exact.
Travelex gave the nod early in the year to a “software virus,” which has been the work of the hacker group known as Sodinokibi, which also goes by the REvil moniker. The bad actors demanded $6 million in order to return encrypted customer data. The company said in a statement that the data had not been compromised, adding that “we have now contained the virus and are working to restore our systems and resume normal operations as quickly as possible. Travelex’s network of branches continues to provide foreign exchange services manually.”
In terms of the mechanics, the group has attacked end users through suppliers – and in this case, Travelex, of course, provides FX services across more than 1,200 terminals, many of them in airports.
The banks reportedly shut off their online retail FX exchange services, which had been outsourced to Travelex.
Defaulting to Manual Processes
The fact that the system has shifted to manual tasks speaks to the impact ransomware attacks can have. It may be the case that Travelex has contained the attacks. But then again, a business that has relied on automation, speed and convenience has become reliant, at least for now, on pen and paper.
The threats and concerns are severalfold. First, there’s the fact that, as reported in The New York Times, the hackers said they had downloaded five gigabytes of sensitive data, which they had been siphoning over a period of at least six months. The hackers have said, too, that they will sell the data if there is no Travelex response by Jan. 14. The length of time the hackers said they had been grabbing data – a period, again, of months – is alarming. Travelex has also said that it does not yet have “a complete picture” of all the data that has been encrypted.
Travelex may also find itself on the receiving end of regulatory action, given the fact that the GDPR penalizes companies that do not have adequate data protection in place. The fines can be as much as 4 percent of the annual top line (Travelex logged the equivalent of about $950 million in 2018 sales).
Finablr, as the parent of Travelex, does not expect to see a material impact from the breach. But then again, reputation is important – and the fact that Finablr’s stock has fallen more than 10 percent on the London exchanges in the wake of the hacking news shows the possible impact.
Finally, might the ransomware attack have another, far-reaching impact? Reports into Friday (Jan. 10) state that, as noted by engadget.com, Samsung Pay’s international money transfer service – tied to the Travelex service – has been suspended.
Remittances, of course, are big business. The World Bank, to point to just one estimate, has said that global remittances are growing in the mid-single-digit percentages, from a recent reading of more than $689 billion in 2018. Get ready, then, for hackers without borders targeting FX with devastating effect.