News
MoneyGram Acknowledges Cyberattack Compromising Sensitive Customer Data
On Monday, MoneyGram International, Inc., a global leader in money transfer services, disclosed that it had been the target of a significant cyberattack. This cybersecurity breach, which involved unauthorized access to the company’s internal systems, led to the exposure of sensitive customer information. The exact number of affected individuals remains uncertain, but the company serves over 150 million customers across more than 200 countries and territories.
In a statement on its website, MoneyGram detailed that various forms of customer data had been compromised, differing for each individual. The information accessed by the unauthorized party includes names, home addresses, phone numbers, email addresses, birthdays, Social Security numbers, bank account details, and MoneyGram Plus Rewards numbers. Transaction information was also among the data accessed.
Further information divulged in the breach includes copies of identification documents such as driver’s licenses and utility bills. The company also noted that “for a limited number of consumers,” criminal investigation data had been accessed during the incident. The breach underscores significant security challenges facing global financial services companies.
MoneyGram became aware of the unauthorized system access on September 27, 2024, which prompted the company to take measures to contain and resolve the issue. This included preemptively shutting down certain systems temporarily, affecting service availability. Investigations revealed that the breach occurred between September 20 and 22.
The company announced it would offer two years of complimentary identity protection and credit monitoring services to affected customers. MoneyGram emphasized the importance of remaining vigilant against potential scam attempts following the breach.
According to cybersecurity reporting by BleepingComputer, the incident stemmed from a social engineering attack targeting MoneyGram’s IT help desk. A hacker purportedly impersonated an employee to gain access to the network. While details remain sparse, MoneyGram has assured that the breach was not a ransomware attack.
To address the incident, MoneyGram enlisted the services of cybersecurity firm CrowdStrike to conduct a thorough investigation. Furthermore, the Information Commissioner’s Office in the United Kingdom confirmed it had received a report regarding the incident and was conducting inquiries.