MoneyGram customer data breached in attack

MoneyGram, a financial services firm and money transfer specialist, has revealed a breach of customer data resulting from a cyber attack on its systems in late September. The company waited over a week before notifying customers of the breach.

The incident began with a network outage on 20 September and was confirmed as a cyber incident on 23 September. MoneyGram and cyber forensics experts at CrowdStrike confirmed that it was not a ransomware attack. Reports suggest that the breach may have been the result of a social engineering attack on MoneyGram’s IT helpdesk.

The breach affected MoneyGram’s global operations and led to the cancellation of a contract with the UK Post Office for money transfer services. The impact has been particularly felt in poorer countries where MoneyGram is relied upon by migrant workers to send money to their families.

In a statement released on 7 October, MoneyGram disclosed that an unauthorized third party accessed and acquired information on certain consumers on 27 September. The company is still investigating the issue.

The compromised information includes names, contact details, birthdays, national identification numbers, copies of government identity documents, bank account numbers, transaction details, and rewards program information. MoneyGram is offering affected consumers identity protection and credit monitoring services for the next two years at no cost.