Foreign currency exchange provider Travelex was forced to suspend some services today after the company was struck by malware Dec. 31.

The details of the attack are not clear. The company described it only as a “software virus” that has “compromised some of its services.” The attack primarily affected Travelex services in the U.K. with some international services also affected.

Travelex’s U.K. sites remain offline, with the company saying that its branches were providing foreign exchange sites manually.

“As a precautionary measure in order to protect data and prevent the spread of the virus, we immediately took all our systems offline,” the company wrote in a statement posted to Twitter. “Our investigation to date shows no indication that any personal or customer data has been compromised.”

Along with an apology to customers, Travelex added that they had deployed IT specialists and external cybersecurity experts to deal with the attack and to restore systems.

The Guardian reported that the decision to take down sites in the U.K. also affected other services that use Travelex, including Tesco Bank, the financial arm of supermarket chain Tesco plc as well as Asda Stores Ltd.

Travelex provides foreign exchange services in 70 countries across more than 1,200 branches.

What form the attack took is open to speculation given the Travelex itself hasn’t revealed any specific details. Ransomware is certainly a possibility given there’s barely a day that passes that some company somewhere isn’t dealing with it. Data theft or even financial theft are also possibilities given the size of Travelex’s global business.

That Travelex took two days to disclose the attack also has been raised, the company having instead claimed that its sites were down for maintenance before disclosing the malware attack. The details of the hack will have to be made public eventually to comply with the European Union General Data Privacy Regulation as well as U.K. laws.

Photo: Ralf Roletschek/Wikimedia Commons