Cyber Threat Radar – MoneyGram has acknowledged that a cyberattack in September resulted in the theft of customers’ personal information and transaction details, leading to a five-day service disruption.
In a recently released data breach notification, MoneyGram revealed that the threat actors had infiltrated its network even prior to this, specifically between September 20 and 22, 2024. The company identified the attack on September 27th, which led to the shutdown of its IT systems and restricted MoneyGram customers from accessing or transferring funds to other users.
Sensitive Customer Data Exposed
During this period, the malicious actors acquired a diverse range of sensitive customer data, which encompassed names, addresses, phone numbers, email accounts, utility bills, government identification, social security numbers and transaction details.
In its data breach notice to customers, MoneyGram stated:
- The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud). The types of impacted information varied by affected individual.
- Upon detecting the issue, we took steps to contain and remediate it, including proactively taking certain systems offline, which temporarily impacted the availability of our services. We also launched an investigation with the assistance of leading external cybersecurity experts and have been coordinating with law enforcement. Our systems are back online and we have resumed normal business operations.
In addition, MoneyGram has arranged to offer affected U.S. consumers identity protection and credit monitoring services for two years at no cost.
Incident Not Related To Ransomware
The identity of those responsible for the attack remains unclear, and no individuals or groups have come forward to take responsibility. Nevertheless, MoneyGram has verified that the incident was not related to ransomware.
“The MoneyGram data breach included sensitive customer information proving the theft of data is big business for threat actors and causes massive reputational damage to the affected companies,” commented Raph Tristao, Global Cybersecurity Account Director, SentryBay. “SentryBay’s Armored Client is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The solution utilises endpoint access isolation in a manner which does not impact on performance and includes Keylogging and Screen Capture protection.”
