People who buy travel money from Travelex or high street banks have been told to be on alert for scams, as hackers continue to hold Travelex to ransom.
Consumer group Which? said customers should watch out for unusual activity on their banking apps after the hack of currency broker Travelex. The hack has affected at least 14 UK banks that rely on Travelex for travel money services.
“Travelex customers are understandably concerned that their data might have been compromised after seeing reports that the hackers behind the attack have stolen their data,” Kate Bevan, Which?’s computing editor, said in a statement.
“It’s important that anyone who’s used Travelex services – including via other banks – keeps a close eye on their accounts for any signs of suspicious activity.”
Travelex insists no personal data has been breached.
“To date our investigations show that customer data has not been compromised,” the company said in a statement on Twitter on Wednesday.
However, the alleged hackers told the BBC they had accessed 5GB of data, including dates of birth, credit card numbers, and national insurance numbers. The hackers are demanding $6m (£4.5m), according to the BBC.
Travelex said on 2 January it had discovered a virus on its computer systems on New Year’s Eve and immediately took its systems offline in response. Computers have remained down ever since and staff have resorted to using pen and paper in its branches.
The Information Commission’s Office (ICO) said on Wednesday it had not been notified of any data breach by Travelex. Companies are required by law to notify the ICO within 72 hours if customer data is compromised.
“We are in contact with Travelex and giving advice on potential personal data issues following the recent ransomware attack, the company has not reported a data breach,” a spokesperson said on Wednesday.
Royal Bank of Scotland said Thursday it has been “advised there's been no breach of customer data. We are monitoring this closely with them and we will provide an update if this changes.”
Bevan said customers should still be wary of scammers trying to take advantage of the situation by posing as Travelex or banks.
“Consumers should be wary of attempts by opportunistic fraudsters to exploit the breach by using fake Travelex social accounts, websites, emails and text messages offering ‘support’ to try and trick people into handing over personal information or bank details,” she said.
The Metropolitan Police and the National Crime Agency are both investigating the incident.