Locks and Security News: your weekly locks and security industry newsletter
28th September 2022 Issue no. 624
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Travelex ransomware attack
On the news that Travelex is still offline after a ransomware attack on New Year’s Eve, Toni Vitale, partner and head of data protection at JMW Solicitors, says:
“The fact that, for several days, there was no coherent communication from Travelex as to the exact nature of the attack left customers, media, stakeholders and other interested parties in the dark. It also appears that Travelex did not inform the Information Commissioner’s Office (ICO) about the breach. Many may think a ransomware attack is not a data breach because the data is still on the system but if the personal data entrusted to your care is encrypted and you cannot access it or decrypt it, you could be deemed to have lost control of the data and therefore it could constitute a breach.
“Most organisations will concentrate on ensuring their IT systems are regularly updated by deploying security patches and ensuring antivirus software is installed. Whilst this approach will prevent the majority of attempts to breach security, the first line of defence will always sit with your staff. Focussing on IT systems alone is short sighted and misses the weakest link in any cyber defence system.
“If your company or organisation is unfortunate enough to be hit by a ransomware attack you may be tempted to pay the ransom. We often see that ransom demands are deliberately set at a relatively low level, for example around $300 or €300. This is to make it less expensive to pay the ransom than it would be to, say, pay for outside IT security consultants to come in to fix the problem. However, if you pay a ransom for one type of cyber-attack, you may leave your organisation open to further attacks by other hackers as well.”
22nd January 2020