MoneyGram confirmed that hackers stole customers’ personal information and transaction data in a cyberattack in September that led to a five-day outage.
The company first discovered the attack on September 27, shutting down IT systems, preventing MoneyGram customers from accessing or transferring funds to other users.
In a new data breach notice posted today, MoneyGram now says that threat actors gained access to its network even earlier, between September 20 and 22, 2024.
During this time, the threat actors stole a diverse amount of sensitive customer information, including transaction information, email addresses, mailing addresses, names, phone numbers, utility bills, government IDs, and Social Security numbers.
“Affected information includes certain names of affected consumers, contact information (such as phone numbers, email, and mailing addresses), dates of birth, a limited number of Social Security numbers, and copies of government-issued identification documents (such as driver’s licenses),” other identifying documents (such as Utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as transaction dates and amounts), and, for a limited number of consumers, criminal investigation information (such as fraud),” reads the following: The data breach notification was first spotted by TechCrunch.
MoneyGram says the amount and quality of data stolen varies depending on the affected customer. The specific information stolen from the customer will likely be included in data breach notifications sent to affected individuals.
BleepingComputer first reported that MoneyGram was compromised through a social engineering attack on its IT help desk in which threat actors impersonated an employee.
Once they gained access to the network, threat actors initially targeted Windows Active Directory Services to steal employee information.
CrowdStrike assisted MoneyGram in investigating the incident.
It is not known who was behind the attack, and no threatening party has claimed responsibility. However, MoneyGram confirmed that the attack was not ransomware.
If you have any information regarding this incident or any other attacks that were not disclosed, you can contact us confidentially via Signal at 646-961-3731 or tips@bleepingcomputer.com.
