Travelexed
A woeful start to the year for foreign exchange firm, Travelex, which has provided a textbook example of cybersecurity failure and communication incompetence. The company's services were taken down on New Year's Eve by a ransomware attack, but this was initially blamed on "planned maintenance." The attackers told the BBC that they had been in Travelex's systems for six months and had stolen 5GB of customer information which would be published unless they're paid $6 million. They appear to have accessed the systems through vulnerable Pulse Secure VPN servers. Cybersecurity company, Bad Packets, says it told Travelex about the issue last September after it spotted mass attempts to identify vulnerable installs. Despite the attackers claiming to have accessed personal data, Travelex doesn't yet appear to have informed regulators, which EU legislation obliges them to do within 72 hours of discovering the breach. This incident will be as painful for Travelex as it continues to be for its customers.