Websites across some 30 countries remain locked down for Travelex customers as the foreign exchange firm deals with a ransomware attack that’s crippled its operations since New Year’s Eve.

Company officials say they took their websites offline in Europe, Southeast Asia and North America as a precaution to contain the spread of the ransomware known as Sodinokibi, or also as REvil.

The announcement followed a week’s worth of messages that said the site was down for planned maintenance but it was finally corrected on Tuesday. Travelex said there’s “no evidence” that customer data has been compromised, but Computer Weekly and other media outlets say they’ve connected with the entity that’s behind the attack and they claim they have personal data and demand a $3 million ransom.

“Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise,” said Travelex CEO Tony D’Souza. “Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.”

Customers, however, say they’ve been left in the dark and don’t have access to their funds. Cyber security expert Kevin Beaumont said the lack of transparency is a glaring error for Travelex. “I think it’s a good learning point for other organizations around incident response – maybe the age of transparency is upon us,” he added in a Twitter message.

The National Cyber Security Centre in the UK continues to investigate the attack.