Cyber Incident Victim: Travelex

On December 31, 2019, Travelex experienced a cyber attack involving a software virus, prompting immediate action to take its website offline. The foreign currency exchange provider began working to address the incident on New Year’s Eve, suspending certain digital services to contain the virus and prevent potential data compromise. CEO Tony D'Souza publicly apologized for service disruptions, confirming the company had switched to manual foreign-exchange transactions at its physical branches to maintain operations. Travelex emphasized its commitment to restoring full services as quickly as possible while prioritizing data protection. Initial investigations conducted by the company found no evidence that personal or customer data had been accessed or exfiltrated during the attack.

Travelex mobilized internal IT specialists and external cybersecurity experts to isolate the virus and repair affected systems, with teams working continuously from the attack’s discovery. The manual service model remained in place across branches during the recovery effort. The website outage created secondary disruptions for third-party services reliant on Travelex’s platform, including Tesco Bank’s travel money offerings, which became unavailable. Tesco Bank acknowledged the issue publicly via Twitter but did not specify a resolution timeline. Travelex reiterated its focus on containment and system restoration but provided no further technical details about the attack vector or scope beyond confirming the website takedown as a containment measure. The company maintained its apology to customers for ongoing inconveniences caused by the incident.