Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

The Ransomware Files, Episode 8: Travelex

For Don Gibson, Incident Response Brought on Health Problems
The Ransomware Files, Episode 8: Travelex

Ransomware struck global currency exchange and remittance company Travelex on New Year’s Eve 2019. Don Gibson, then a security architect at the company, was DJing at a friend's place when the first alerts came in.

"It started kicking off," Gibson says. "We really started noticing it in the evening because it had started in the Far East."

That night was the beginning of a turbulent period for Gibson that lasted throughout the rest of the year. His name became publicly linked with the Travelex incident, and the attention he received was completely undesired.

His story is one of how social media, a frantic incident response and stress contributed to a nearly tragic health outcome. He went from IR, or incident response, to the ER - the hospital’s emergency room.

"January 2020, I worked over 375 hours,” Gibson says. "That's over three months' worth of work in one. My boss, I believe, did more. Toward the end of the month, it was getting ugly, as in personally getting ugly."

By September 2020, Travelex had recovered - while restructuring its business, but Gibson already had had a very long year. His health was wavering.

"Basically, my heart started messing around," he says.

"The Ransomware Files" is a podcast miniseries available on Spotify, Apple Podcasts, Google, Audible, Stitcher and more. I'm speaking with those who have navigated their way through a ransomware incident to learn how they fought back and what tips they can pass on to others. No ransomware infection is ever welcomed. But there's invaluable knowledge gained. There should be no shame in getting infected, and it's important to share the lessons.

If you enjoyed this episode of "The Ransomware Files," please follow it on a podcast platform and leave a review. Also, the show has a Twitter handle, @ransomwarefiles, that tweets news and happenings about ransomware.

If you would like to participate in this project and tell the information security community about your organization's brush with ransomware, please get in touch with me at or direct message me here on Twitter. I'm looking for other people, organizations and companies that can share their unique experiences for the benefit of all until ransomware, hopefully, is no longer a threat.


Speakers: Don Gibson, former security architect, Travelex; Jeremy Kirk, Executive Editor, Information Security Media Group.

Production Coordinator: Rashmi Ramesh.

The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Records.

Music by Uppbeat and


  • Bad Packets, Over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510, Aug. 24, 2019;
  • Bankinfosecurity, Hacked Law Firm May Have Had Unpatched Pulse Secure VPN, May 21, 2020;
  • BBC, Travelex being held to ransom by hackers, Jan. 7, 2020;
  • BBC, Travelex site taken offline after cyber attack, Jan. 2, 2020;
  • BBC, Travelex strikes rescue deal but 1,300 UK jobs go, Aug. 6, 2020;
  • CISA, Vulnerabilities in Multiple VPN Applications, July 26, 2019;
  • Computer Weekly, Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack, Jan. 6, 2020;
  • Reuters, IN BRIEF: Travelex hit with suit over failure to secure personal data, April 22, 2020;
  • Travelex, A message from our CEO, Jan. 17, 2020;
  • Wall Street Journal, Travelex Ransomware Outage Hits Foreign-Currency Transactions at Retail Banks, Jan. 9, 2020;
  • Wall Street Journal, Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles, April 9, 2020;
  • Wall Street Journal, Major Companies Shared Vulnerability Used in Travelex Cyberattack, Jan. 16, 2020;

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.