MoneyGram has disclosed that a cyberattack in September compromised personal and transaction data belonging to its customers. The fintech identified the breach on 27 September, prompting a temporary shutdown of its IT systems, which suspended customer transactions and account access.
According to a new data breach notice, MoneyGram has determined that unauthorised access occurred between 20 and 22 September 2024. During this time, attackers were able to extract various forms of sensitive customer data, including transaction records, email addresses, names, phone numbers, postal addresses, utility bills, government identification documents, and social security numbers.
The payments and money transfer company has launched an investigation into the breach, working with external cybersecurity experts and law enforcement. While the investigation is still in progress, MoneyGram’s services have been fully restored, and normal operations have resumed.
MoneyGram breach encompasses a wide range of personal data
MoneyGram noted that the information affected varied from one customer to another. Impacted data included names, contact details such as phone numbers and addresses, dates of birth, national identification numbers, and a limited number of social security numbers. Additionally, some customers’ bank account numbers, MoneyGram Plus Rewards numbers, transaction histories, and, in specific cases, information related to fraud investigations were accessed.
The company has committed to notifying affected customers and outlining the specific details of the compromised data.
BleepingComputer, the first to report the incident, indicated that the breach was likely instigated through a social engineering attack. The attackers reportedly impersonated a MoneyGram employee, allowing them to infiltrate the company’s network. Once inside, they targeted Windows Active Directory services to gain access to employee information.
CrowdStrike has been engaged to assist MoneyGram in investigating the breach.
The identity of the attackers remains unknown, and no group has claimed responsibility for the incident. However, MoneyGram has clarified that the attack was not linked to any ransomware activity.
Earlier this week, Comcast Cable Communications and Truist Bank reported that a security breach at Financial Business and Consumer Solutions (FBCS), a US-based debt collection agency, had compromised their customers’ personal data. Both companies have begun notifying those affected by the breach. The incident occurred within FBCS, which manages debt collection services for several organisations.
FBCS had publicly revealed in April 2024 that its systems had been infiltrated by cybercriminals between 14 February and 26 February 2024. During this period, unauthorised access to the agency’s network led to the theft of sensitive data stored in its digital systems.