MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data.
In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack.
On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several of its systems.
The company took some of its systems offline to contain the attack, which suggested it was the victim of a ransomware attack.
The attack impacted both in-person and online money transfer services. The company launched an investigation into the security breach and notified law enforcement.
MoneyGram now confirmed that the cyberattack exposed customer data, including contact info (such as phone numbers, email and postal addresses), government IDs, Social Security numbers, and transaction details.
“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud).” reads the notice of data breach published by MoneyGram. “The types of impacted information varied by affected individual.”
The company is working to contain and remediate the attack with the help of external cybersecurity experts. The company already notified law enforcement about the security breach.
TechCrunch reported that MoneyGram said its investigation is in its “early stages” and is working to determine the extent of the security breach. It’s unclear how many consumers were affected by this issue.
At this time the systems are back online and the company has resumed normal business operations.
MoneyGram International was acquired by private equity firm Madison Dearborn Partners on June 1, 2023, for $11.00 per share, taking the company private. By early 2023, 50% of its transactions were digital. The company operates in over 200 countries, serving 150 million customers globally, making it a significant player in the money transfer industry.
MoneyGram holds a huge trove of sensitive customer data, for this reason, it is a prime target for cyber criminals.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)