MoneyGram has officially confirmed that it suffered a significant data breach during a cyberattack in September 2024, which resulted in the theft of sensitive customer information.
The breach, which occurred between September 20 and 22, has raised concerns about data security and consumer protection.
MoneyGram detected the attack on September 27, 2024, and quickly shut down its IT systems to contain the damage. The shutdown led to a temporary service outage, causing difficulties for customers trying to send or receive funds.
During the three-day attack, hackers gained access to MoneyGram’s internal network, extracting a variety of personal and transactional data from the company’s database.
The stolen information includes customer names, email addresses, postal addresses, dates of birth, phone numbers, and, in some cases, sensitive details like Social Security numbers and government-issued IDs.
The amount and type of data stolen vary depending on the individual impacted, and MoneyGram has stated that affected customers will be notified directly with further details.
The Type of Information Compromised
MoneyGram’s investigation, conducted with the help of cybersecurity experts from CrowdStrike, revealed that the hackers accessed several types of personal information. This includes:
- Contact Information: Phone numbers, email addresses, and postal addresses.
- Identity Verification Details: Copies of government-issued IDs, such as driver’s licenses, and other identity verification documents like utility bills.
- Financial Information: Bank account numbers, dates and amounts of transactions, and MoneyGram Plus Rewards numbers.
- Sensitive Data: Social Security numbers for a limited number of individuals, and even some criminal investigation information in cases of ongoing fraud investigations.
How Did the Attack Happen?
The breach reportedly started through a social engineering attack on MoneyGram’s IT help desk. The attackers impersonated an employee, allowing them to gain initial access to the network.
Once inside, they targeted MoneyGram’s Windows active directory services to steal sensitive employee information and expand their control over the system.
It’s notable that, according to MoneyGram, this incident was not a ransomware attack. No ransom was demanded, and the perpetrators have not publicly claimed responsibility for the breach.
Impact on Customers and Steps Taken by MoneyGram
Upon detecting the breach, MoneyGram took several immediate actions to secure its network and contain the damage. These measures included taking certain systems offline, leading to a disruption of services for several days.
The company has since restored its systems and resumed normal business operations, but the effects of the breach may linger for affected customers.
MoneyGram is now offering free identity protection and credit monitoring services for two years to the impacted individuals. This includes monitoring for signs of fraud or identity theft.
They also advise customers to be vigilant and monitor their financial accounts for any suspicious activity.
Ongoing Investigation and Security Measures
MoneyGram’s investigation is ongoing, with cybersecurity firms and law enforcement agencies working together to understand the full scope of the breach. They are also working to bolster their security measures to prevent such incidents in the future.
The breach highlights the vulnerabilities faced by financial institutions, even those with advanced security measures. MoneyGram has assured customers that they are taking all necessary steps to secure their systems and safeguard customer data.
For those who believe they may have been affected, MoneyGram has set up a dedicated support line and FAQ page on their website, offering guidance on how to protect against potential identity theft. Customers are encouraged to utilize these resources and take advantage of the identity protection services being offered.
