Less than four months after cyber breach, Travelex puts itself up for sale
Summary
Travelex announced that it is seeking offers and that interested parties should contact PricewaterhouseCoopers. Travelex’s business was severely impacted by its December 2019 cyber breach, which put the company in a very difficult financial position even before COVID‑19 disruptions hit.
Report
Analysis
While all travel-related companies (airlines, hotels, rental cars) are dealing with unprecedented disruption due to COVID‑19, Travelex’s ransomware breach prior to the pandemic meant that it was already dealing with severe operational disruption and financial stress. As a result, it was in a very poor position to deal with the added challenges brought by COVID‑19 which has quickly forced an existential crisis for the company. These woes were detailed in Cyberhedge’s report on the December breach, including how the 2-Star rated Finablr/Travelex had significant financial weaknesses which constrained their ability to improve their cybersecurity, despite the clear need to do so.
Furthermore, as discussed in the above note, the December 2019 breach was the second publicly disclosed breach for Travelex in less than two years (a 2018 Travelex breach was disclosed in Finablr’s 2019 prospectus), indicating that poor cyber governance was a structural problem at the company, and indicative of broader mis-management.
Travelex’s bonds are trading at a quarter of face value, and troubled parent company Finablr’s shares have been suspended from trading on the London Stock Exchange since March 16, when they closed down 95% from their pre-Travelex breach levels.
Travelex/Finablr quickly turned into a cautionary tale of what can happen to a technology company that neglects the management of its core asset.