MoneyGram confirmed that attackers stole customer data in the September cyberattack. The company also disclosed types of data supposedly compromised and offered guidance on mitigating potential harm.
MoneyGram Hacked, Massive Data Leak Reported
US payment platform MoneyGram has confirmed that hackers gained access to sensitive customer information as a result of a cyberattack in late September. Despite the breach allegedly occurring between September 20 and 22, MoneyGram detected it only on September 27. The hack disrupted services for five days, preventing customers from making transactions. The company reported the attack publicly soon after discovering the breach.
During the attack, adversaries were able to steal a selection of personal and sensitive data and other customer details. The stolen data includes customer names, contact information, transaction details, and government-issued IDs. The company noted that the type and extent of stolen data vary by individual and said it would notify affected customers officially.
User Data Leaked in MoneyGram Hack
According to MoneyGram, in addition to the above data, the stolen information includes sensitive data such as Social Security numbers, driver’s license and utility bills. In certain cases, bank account information and transaction records were also exposed. Attackers also accessed data on criminal investigations involving fraud. MoneyGram provided a complete list of compromised data in its official notice.
Reports suggest the breach was executed using social engineering tactics aimed at MoneyGram’s IT department. An attacker impersonated an employee to infiltrate internal systems, employing a classic. The company said it is investigating and also confirmed that no extortion took place. CrowdStrike and law enforcement are involved in the investigation of the incident.
What should users do?
Regarding mitigations, the company advises customers to closely monitor their bank accounts, transaction history and credit reports for any unusual activity. US residents can obtain one free credit report per year from each of the three major credit bureaus via the official website. Seeing unusual activity there may be a sign of leaked data being used for getting loans at your expense. If such things happen to you, contact the loan issuer to get the instruction on cancellation steps.
It is expected for this incident to trigger a new wave of scams targeting MoneyGram customers. While it is unlikely that one will be able to fully protect yourself from these scams, it is possible to minimize the potential damage. For this purpose it is important to be especially vigilant when receiving any messages (emails, sms, calls, letters) related to financial activity. If you see anything like that in your inbox, consider contacting MoneyGram through official channels to verify the legitimacy of the communication and report potential fraudulent activity.
