MoneyGram has confirmed that a cyberattack in September led to the theft of customers’ personal and transaction data, causing a five-day service outage. The attack, which was first detected on September 27th, forced the company to shut down its IT systems, halting money transfers and customer access. However, MoneyGram’s latest data breach notification reveals that the attackers had actually accessed its network earlier, between September 20 and 22, 2024.
During that period, the hackers stole a range of sensitive information, including customer names, contact details (such as phone numbers, email, and postal addresses), dates of birth, Social Security numbers, government-issued IDs, utility bills, bank account details, MoneyGram Plus Rewards numbers, transaction details, and even fraud-related criminal investigation information for some customers.
According to the breach notification, which was first spotted by TechCrunch, the amount and type of data stolen vary depending on the customer. Specific details regarding the data stolen will be outlined in individual notifications sent to those affected.
BleepingComputer reported that the breach originated from a social engineering attack targeting MoneyGram’s IT help desk, where attackers impersonated an employee. Once inside the network, they initially aimed at the Windows active directory services to gather employee data. CrowdStrike has been brought in to assist MoneyGram in investigating the breach.
Although it remains unclear who is responsible for the attack, and no threat actors have claimed credit, MoneyGram confirmed that the incident was not a ransomware attack.