MoneyGram has confirmed it did lose sensitive customer data in the recent cyberattack against its business.
In a data breach notification letter sent to affected customers and published on the company’s website, hackers were able to access MoneyGram’s networks for two days, between September 20 and September 22.
During that time, they exfiltrated people’s names, phone numbers, email addresses, postal addresses, dates of birth, Social Security Numbers, copies of government-issued documents (for example, driver’s licenses), miscellaneous identification documents (utility bills, and such), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (dates, amounts, and more), and criminal investigation information (such as fraud).
Not a ransomware attack
That’s more than enough for phishing, identity theft, and even wire fraud. At this time, we don’t know how many people are affected by this incident, but we do know that the type of information stolen varies from person to person.
MoneyGram is a global money transfer and payment services company that enables individuals and businesses to send and receive funds internationally. It offers services including peer-to-peer money transfers, bill payments, and money orders, with operations in over 200 countries and territories.
On September 20, its customers took to social media (X, Facebook, Reddit) to complain about services not working properly, the website being offline, and other worries. Three days later, the company responded to the claims, saying it was experiencing a network outage, and later confirmed it suffered a “cybersecurity issue.” In response to this issue, MoneyGram shut down parts of its IT systems, including both online and in-person transactions.
This led to the media, and customers, speculating that MoneyGram had suffered a ransomware attack, even though no threat actors claimed responsibility – but days later, the company sent a letter to its stakeholders to confirm that this was not the case.