MoneyGram has confirmed that hackers stole prospects’ private data and transaction knowledge in a September cyberattack that brought on a five-day outage.
The corporate first detected the assault on September twenty seventh, inflicting it to close down IT techniques, stopping MoneyGram prospects from accessing or transferring cash to different customers.
In a brand new data breach notification printed right this moment, MoneyGram now says that the menace actors had entry to its community even earlier, between September 20 and 22, 2024.
Throughout this time, the menace actors stole a different quantity of delicate buyer data, together with transaction data, e mail addresses, postal addresses, names, cellphone numbers, utility payments, authorities IDs, and social security numbers.
“The impacted data included sure affected client names, contact data (akin to cellphone numbers, e mail and postal addresses), dates of delivery, a restricted variety of Social Safety numbers, copies of government-issued identification paperwork (akin to driver’s licenses), different identification paperwork (akin to utility payments), checking account numbers, MoneyGram Plus Rewards numbers, transaction data (akin to dates and quantities of transactions) and, for a restricted variety of customers, prison investigation data (akin to fraud),” reads the data breach notification first noticed by TechCrunch.
MoneyGram says the quantity and sort of knowledge stolen range relying on the affected buyer. The particular data stolen from a buyer will doubtless be listed in data breach notifications despatched to impacted people.
BleepingComputer first reported that MoneyGram was breached by a social engineering assault on its IT assist desk the place menace actors impersonated an worker.
As soon as they gained entry to the community, the menace actors initially focused the Home windows lively listing companies to steal worker data.
CrowdStrike has been helping MoneyGram in investigating the incident.
It’s unknown who’s behind the assault, and no menace actors have claimed duty. Nevertheless, MoneyGram has confirmed it was not a ransomware assault.
When you’ve got any data relating to this incident or another undisclosed assaults, you possibly can contact us confidentially by way of Sign at 646-961-3731 or at ideas@bleepingcomputer.com.
