MoneyGram, a global money transfer company, has disclosed on its website that a data breach has exposed sensitive information such as Social Security numbers, bank account details, and more to hackers.
The attack put the company’s transactions at a standstill for five days, but MoneyGram also says that the hackers already had access to the network before anyone was aware. MoneyGram confirms that hackers accessed the network between September 20 and 22, 2024, and that the hackers initially focused on the Windows active directory to steal the data.
During this time, hackers stole sensitive information such as “consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud),” reads the company’s posting.
All affected users received notification of the breach, and the type and sort of data stolen depends on the affected customer. MoneyGram has not given a number of the affected customers, but it is currently investigating the incident. It’s known that the attack wasn’t a ransomware attack and that MoneyGram is getting help from CrowdStrike to investigate the attack. No one has claimed responsibility for the attack, but hopefully, the company will release more information shortly.
MoneyGram encourages consumers to be vigilant for incidents “of fraud and identity theft by reviewing account statements and monitoring your free credit reports. If you are in the U.S. and would like to check your credit report, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies.”