Foreign exchange company Travelex is being held to ransom by hackers who unleashed the Sodinokibi ransomware and are reportedly requesting a $6 million payment (likely in cryptocurrency), BBC reports.
In a statement issued on January 7, Travelex said the intrusion was discovered on December 31. The company says it took all its systems offline as a precautionary measure.
“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” the company statement reads.
According to the BBC, the attackers say they gained access to the company’s computer systems six months ago and downloaded 5GB of sensitive customer data.
The gang told the BBC that they have customers‘ date of birth, credit card information, and national insurance numbers.
The hackers added: “In the case of payment, we will delete and will not use that [data]base and restore them the entire network.
“The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”
It’s not known whether Travelex is negotiating with the hackers. The company has not yet specified when normal service will resume.
In the meantime, customers have told the BBC that they feel let down, complaining that their travel money is “in limbo.”