MoneyGram confirms hackers stole customer data in cyberattack

MoneyGram has confirmed that hackers stole customers’ personal information and transaction data in a September cyberattack that caused a five-day outage.

The company first detected the attack on September 27th, causing it to shut down IT systems, preventing MoneyGram customers from accessing or transferring money to other users.

In a new data breach notification published today, MoneyGram now says that the threat actors had access to its network even earlier, between September 20 and 22, 2024. 

During this time, the threat actors stole a varied amount of sensitive customer information, including transaction information, email addresses, postal addresses, names, phone numbers, utility bills, government IDs, and social security numbers.

“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud),” reads the data breach notification first spotted by TechCrunch.

MoneyGram says the amount and type of data stolen vary depending on the affected customer. The specific information stolen from a customer will likely be listed in data breach notifications sent to impacted individuals.

BleepingComputer first reported that MoneyGram was breached through a social engineering attack on its IT help desk where threat actors impersonated an employee.

Once they gained access to the network, the threat actors initially targeted the Windows active directory services to steal employee information.

CrowdStrike has been assisting MoneyGram in investigating the incident.

It is unknown who is behind the attack, and no threat actors have claimed responsibility. However, MoneyGram has confirmed it was not a ransomware attack.

If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.