MoneyGram, an international money transfer service, recently announced on its website that a data breach has compromised sensitive information, including Social Security numbers and bank account details, exposing it to cybercriminals.
The incident halted transactions for five days; however, MoneyGram reported that hackers had already penetrated the network prior to the breach being detected. Access to the company’s systems occurred between September 20 and 22, 2024, during which the cyber attackers mainly targeted the Windows Active Directory to extract data.
The stolen information includes “consumer names, contact details (including phone numbers, email, and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (like driver’s licenses), various identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, and transaction details (including transaction dates and amounts). For some individuals, information related to criminal investigations (like fraud) was also accessed,” according to the company’s statement.
Every affected individual has been notified of the breach, though MoneyGram has not disclosed how many customers are involved and is actively investigating the situation. Authorities have confirmed that this attack did not involve ransomware, and the company is collaborating with CrowdStrike for a thorough investigation. As of now, no group has claimed responsibility for the cyberattack, but it is anticipated that more details will emerge soon.
MoneyGram stresses the importance of vigilance against fraud and identity theft, urging consumers to regularly review their account statements and check their credit reports. Residents of the U.S. are entitled to one free credit report each year from each of the three major credit reporting agencies as stipulated by federal law.