MoneyGram Confirms Data Breach Following September Cyberattack

MoneyGram has revealed that sensitive personal information of some customers was exposed in a recent data breach, following a cyberattack that disrupted the company's global money transfer services last month.

The breach, which occurred between September 20 and 22, 2024, compromised a variety of customer data, including Social Security numbers, government-issued IDs, and bank account details, according to an official notice published yesterday.

The cyberattack, first detected on September 22, led to widespread service outages as MoneyGram took several systems offline to mitigate the threat. At the time, the company had not confirmed if customer data was compromised, though they warned customers to remain cautious. Now, following further investigation, the company has confirmed that unauthorized parties accessed personal information during the breach.

The compromised data varied by individual but included:

• Full names
• Contact information (phone numbers, email, postal addresses)
• Dates of birth
• Social Security numbers (for some users)
• Government-issued IDs (driver's licenses, passports)
• Bank account details
• MoneyGram Plus Rewards numbers
• Transaction details (dates and amounts)
• Criminal investigation information for a small subset of users

For many affected customers, the breach not only exposed personal identification details but also transaction histories and, in some cases, information related to ongoing criminal investigations, such as fraud.

Incident response

Upon discovering the unauthorized access, MoneyGram immediately took affected systems offline to contain the breach, which further disrupted its services for several days. External cybersecurity experts were brought in to assist with the investigation, while law enforcement was also notified. MoneyGram confirmed that its systems have since been restored, and regular business operations have resumed.

To help affected U.S. consumers, the company is offering two years of free identity protection and credit monitoring services. Additionally, MoneyGram advises all consumers to remain vigilant by regularly checking account statements and monitoring their credit reports for any unusual activity.

Impact on MoneyGram customers

MoneyGram, a key player in the cross-border payments industry, processes billions in transactions across over 200 countries. With a customer base of around 150 million users, the breach could have significant repercussions, particularly for those relying on its services for remittances and international payments. Prolonged outages and data leaks could erode customer trust in the platform, potentially affecting its market position.

In light of the breach, MoneyGram has urged customers to take several precautionary measures, including:

• Monitoring financial accounts for unauthorized transactions
• Ordering free credit reports through annualcreditreport.com
• Being cautious of unsolicited communications involving their personal information
• Affected U.S. consumers can also activate their free credit monitoring services by following instructions provided in the company’s “U.S. Reference Guide.”

MoneyGram continues to investigate the breach with law enforcement, but no further details regarding the nature of the attack or the identity of the threat actors have been released.