close
close

MoneyGram says customer data was stolen in the September attack


MoneyGram says customer data was stolen in the September attack

MoneyGram confirmed Monday evening that customer data was stolen in a cyberattack last month that sparked international outrage after customers were unable to send funds.

The company posted a new message on its website, which was first reported by TechCrunch. MoneyGram has refused to respond to requests for comment since the incident was confirmed on September 24, refusing to explain whether the service outage was caused by a ransomware attack or something else.

In the new notice, the company said that as of September 27, it had determined that “an unauthorized third party accessed and obtained personal information of certain consumers between September 20 and September 22, 2024.”

MoneyGram did not respond to requests for comment on how many people were affected, but said the stolen data included names, contact information, Social Security numbers and government-issued IDs — and in some cases, utility bills, bank account numbers and transaction information.

And “for a limited number of consumers,” the affected data included “criminal investigation information (e.g., fraud).”

MoneyGram said it had enlisted the assistance of cybersecurity experts and worked with law enforcement.

“After discovering the issue, we took steps to contain and resolve it, including proactively taking certain systems offline, which temporarily affected the availability of our services,” the company said.

By September 26, MoneyGram's systems were back to normal, but hundreds of customers took to social media to complain about the outages.

The company facilitates billions of dollars worth of remittances from the United States and Europe to developing countries each year. The incident prompted several governments to apologize to citizens on behalf of MoneyGram for the outages and warn of delays in receiving funds. The company processes more than $200 billion in transactions each year in over 200 countries and territories.

MoneyGram said it would offer identity protection and credit monitoring services to some customers affected by the breach for two years – and also urged customers to “remain vigilant” against attempted scams.

BleepingComputer reported this weekend that MoneyGram received an email to its partners on September 25 saying it had hired cybersecurity giant CrowdStrike to conduct an investigation and that no evidence of ransomware had been found.

A source told the news outlet that MoneyGram was breached by a social engineering attack that targeted the company's IT help desk – a tactic used successfully in attacks on Microsoft, MGM Casino and other major companies.

A spokesperson for the UK government's Information Commissioner's Office told Recorded Future News that it had received a report from MoneyGram and was “investigating.”

Get more insights with the

Recorded future

Intelligence Cloud.

Learn more.

Leave a Reply

Your email address will not be published. Required fields are marked *