MoneyGram confirms crooks grabbed customers’ personal and transaction data


MoneyGram, a US financial payment services giant, has confirmed that hackers stole customers’ personal information and transaction data in a large cyberattack at the end of September.

In a statement, MoneyGram said that an unauthorized third party “accessed and acquired” customer data during the cyberattack on September 20th.

The peer-to-peer payments company had announced late last month that it was “experiencing a network outage impacting connectivity to a number of our systems.” The outage lasted for a full week, with MoneyGram’s website and app going offline.

ADVERTISEMENT

The firm, serving over 50 million people in more than 200 countries, had also admitted to identifying a cybersecurity issue but soon said it was rapidly restoring “key transactional systems.”

Now, MoneyGram says that the hackers managed to pilfer information of “certain consumers.” It varies by individual.

The stolen data includes certain affected consumer names, phone numbers, email, and postal addresses, dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents such as driver’s licenses, other identification documents like utility bills, bank account numbers, and MoneyGram Plus Rewards numbers.

It also includes transaction information, such as the dates and amounts of transactions, and, for a limited number of consumers, criminal investigation information, such as fraud.

MoneyGram said in the statement that it has launched an investigation with the assistance of leading external cybersecurity experts and has been coordinating with law enforcement. However, the firm is still working to determine which and how many individuals were affected.

Founded in 1998 and headquartered in Dallas, Texas, MoneyGram is among the top providers of global P2P payment services and money transfers. It offers both in-person and digital services to millions of customers each year.

“Major breaches like this one can have a devastating impact on organizations and their users,” Renuka Nadkarni, chief product officer at Aryaka, a cloud-based network and security solutions firm, previously told Cybernews.

Nick Tausek, lead security automation architect at Swimlane, also pointed out that “financial services organizations are prime targets for cybercriminals, due to the large amounts of money and sensitive data they hold.”

ADVERTISEMENT