Connect with us

Tech News

MoneyGram customer data breached in attack

Published

on

MoneyGram customer data breached in attack

MoneyGram, a financial services firm and money transfer specialist, has revealed a breach of customer data resulting from a cyber attack on its systems in late September. The company waited over a week before notifying customers of the breach.

The incident began with a network outage on 20 September and was confirmed as a cyber incident on 23 September. MoneyGram and cyber forensics experts at CrowdStrike confirmed that it was not a ransomware attack. Reports suggest that the breach may have been the result of a social engineering attack on MoneyGram’s IT helpdesk.

The breach affected MoneyGram’s global operations and led to the cancellation of a contract with the UK Post Office for money transfer services. The impact has been particularly felt in poorer countries where MoneyGram is relied upon by migrant workers to send money to their families.

In a statement released on 7 October, MoneyGram disclosed that an unauthorized third party accessed and acquired information on certain consumers on 27 September. The company is still investigating the issue.

The compromised information includes names, contact details, birthdays, national identification numbers, copies of government identity documents, bank account numbers, transaction details, and rewards program information. MoneyGram is offering affected consumers identity protection and credit monitoring services for the next two years at no cost.

Social engineering is super effective

While there is no evidence linking the MoneyGram incident to other similar attacks, the breach highlights the devastating effectiveness of social engineering attacks. Dane Sherrets, a senior solutions architect at HackerOne, warns that as AI technology advances, employees will continue to be targeted by threat actors.

See also  In 2024, many Y Combinator startups only want tiny seed rounds — but there’s a catch

AI-powered tools enable attackers to conduct spear-phishing attacks at scale, making customized attacks easier than ever. Organizations should focus on educating employees and implementing least privilege principles to reduce the risk of social engineering attacks.

Trending