Introduction
U.S.-based money transfer company MoneyGram has confirmed that a cyberattack occurred last month, during which unauthorized third parties accessed and obtained customer data, including sensitive personal information such as names, phone numbers, postal codes, email addresses, dates of birth, national identification numbers, limited Social Security numbers, and government-issued documents like driver’s licenses. The incident also involved transaction details, including dates and amounts, as well as potential fraud-related information for some customers.
Cyberattack Details
The cyberattack took place on Saturday, September 20, according to MoneyGram’s official statement. This event led to an outage that persisted for the entire following week, significantly disrupting the company’s website and mobile application operations. The nature of the cyberattack remains under investigation by MoneyGram’s cybersecurity team.
Customer Data Stolen
The stolen data includes a wide range of personal information:
- Names, including first and last names.
- Phone numbers, including both mobile and landline details.
- Postal and email addresses for billing purposes.
- Dates of birth to potentially allow identity verification.
- National identification numbers such as Social Security numbers, credit card numbers, and bank account information.
Additionally, the compromised data includes limited number of Social Security numbers, along with government-issued documents like driver’s licenses, utility bills, and bank statements that contain personal information such as bank account numbers.
Transaction Information
The stolen data also encompasses detailed transaction records, including dates and amounts from MoneyGram’s customers. For a subset of these customers, the breach may have exposed criminal investigation information, such as fraudulent activity or identity theft attempts.
Outage Impact
The extended outage caused significant disruptions to MoneyGram’s operations, including its website (www.mONEYGRAM.com) and mobile app (available on iOS and Android). The company reported that during the outage, approximately 50 million customers globally experienced interrupted access to their accounts or services.
Response from MoneyGram
MoneyGram has stated that its investigation is in its early stages, with a focus on identifying which customers may have been affected by this incident. The company has not provided an estimate of how many individuals might be impacted, but it has assured customers of its commitment to addressing the issue promptly and ensuring full security measures are implemented.
Additionally, MoneyGram has taken steps to notify affected customers through their existing channels of account access. The company has also begun working with its network service providers (NSPs) to identify and mitigate potential risks associated with the compromised data.
Conclusion
The cyberattack on MoneyGram, which occurred in September 2023, highlights vulnerabilities within the company’s systems and underscores the importance of robust cybersecurity practices. While the exact extent of customer impact remains unclear due to limited information, MoneyGram is taking steps to reassure customers and restore trust in its operations.