MoneyGram has confirmed that hackers stole customers' personal and transaction data in a September cyberattack that resulted in a five-day outage.

The company first discovered the attack on September 27 and caused IT systems to be shut down, preventing MoneyGram customers from accessing or transferring money to other users.

In a new data breach notification released today, MoneyGram now says the threat actors had access to its network even earlier, between September 20 and 22, 2024.

During this time, the threat actors stole a variety of sensitive customer information, including transaction information, email addresses, mailing addresses, names, phone numbers, utility bills, government IDs, and Social Security numbers.

“The affected information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of social security numbers, copies of government-issued identification documents (such as driver's licenses), other identification documents (such as utility bills), “Bank account numbers, MoneyGram Plus Rewards numbers, transaction information (e.g. dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (e.g. fraud),” reads the data breach notification, first published by TechCrunch was discovered.

According to MoneyGram, the amount and type of data stolen varies depending on the affected customer. The specific information that was stolen from a customer will likely be detailed in data breach notifications sent to affected individuals.

BleepingComputer first reported that MoneyGram was hacked through a social engineering attack on its IT help desk in which threat actors posed as employees.

After gaining access to the network, the threat actors first attacked Windows Active Directory services to steal employee information.

CrowdStrike assisted MoneyGram in investigating the incident.

It is unknown who was behind the attack and no threat actor has claimed responsibility. However, MoneyGram has confirmed that it was not a ransomware attack.

If you have information about this incident or other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at [email protected].