In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline as a precaution. Four days into the incident, the main Travelex UK home page was still displaying an ASP.NET default error message.
In a statement to the BBC, Travelex described the incident as a virus infection.
Travelex provides white label currency services to many High Street names including Sainsburys, HSBC, First Direct, Virgin Money and Barclays Bank which were all not available during the incident. Travelex Bureau de Changes in airports and branches are able to transact over-the-counter business having reverted to ‘manual processing.’
A well tested Security Incident Response plan is a vital part of your security infrastructure. Security Managers who adopt a ‘when not if’ approach to cyberattack preparation are more likely to ensure their business survives such an incident.
An effective way to test a Security Incident Response plan is to engage a Penetration Tester to attempt to infiltrate the network and validate whether the existing security systems will either block or detect the intrusion. Do not see this as a purely technical exercise for the IT team but involve each department from the business – from Customer Service, to Public Relations to ensure they are all ready and familiar with the plan they need to follow.