
A recent cybersecurity breach at MoneyGram has exposed sensitive customer data and disrupted services globally, raising significant security concerns.
At a Glance
- MoneyGram experienced a cyberattack in September that compromised sensitive customer data.
- Operations were disrupted from September 20 to 26, affecting global services.
- Scattered Spider cybercrime group is suspected of being behind the attack.
- MoneyGram is offering free identity protection services to affected U.S. customers.
Cybersecurity Breach Details
MoneyGram, a leading money transfer company processing transactions over $200 billion annually, experienced a significant cybersecurity breach starting on September 20. The breach was discovered on September 23, causing disruptions to MoneyGram’s services as they worked tirelessly to restore operations by September 26. The intrusion was linked to a social engineering attack targeting the company’s IT help desk, allowing unauthorized access to sensitive customer data.
Stolen data includes personal information such as customer names, contact details, dates of birth, Social Security numbers, government ID copies, bank account numbers, and transaction details. This breach occurred while affecting customers and partners alike, notably the Bank of Jamaica and the UK’s Post Office. On top of that, the UK Information Commissioner’s Office is currently investigating the incident.
MoneyGram confirms customer data breach https://t.co/aSDGqSbkmR
— The Cyber Security Hub™ (@TheCyberSecHub) October 8, 2024
Who is Behind the Cyberattack?
The cybercrime group known as Scattered Spider, also referred to as UNC3944, is suspected of orchestrating the attack. They are renowned for social engineering tactics and sophisticated methods of bypassing multifactor authentication. CSR firm CrowdStrike is engaged in the ongoing investigation, yet no group has officially claimed responsibility, leaving the complete identification of culprits unresolved.
MoneyGram has temporarily taken systems offline to halt further breaches and is actively notifying affected customers of the specific details concerning the compromised data.
MoneyGram has confirmed that it was hacked. The company says some of the personal information affected includes Social Security numbers and bank accounts. https://t.co/VOZQdOmvzt
— Austin Statesman (@statesman) October 9, 2024
Measures for Customer Protection
MoneyGram has responded by advising customers to remain vigilant against fraud and identity theft. They are offering two years of complimentary identity protection and credit monitoring for impacted U.S. consumers. The company also recommends measures such as changing passwords, enabling two-factor authentication, and setting up identity monitoring to safeguard personal information.
Moreover, MoneyGram provides a free Digital Footprint scan for consumers to verify if their data is exposed online. The breach’s impact extends globally, and it is yet unclear how many consumers were affected or if non-U.S. customers were impacted.