MoneyGram has confirmed that hackers accessed and stole personal and transaction data of its customers during a cyberattack in September.
The breach, which occurred between September 20 and 22, 2024, caused a week-long outage that disrupted the company’s website and app services. The breach was discovered on September 27, 2024.
The stolen data includes customers’ names, phone numbers, email addresses, dates of birth, and in some cases, Social Security numbers and government identification documents.
Added to this, postal addresses, bank account numbers, and MoneyGram Plus Rewards numbers were compromised. Transaction details, including dates and amounts, were also affected.
MoneyGram, which operates in over 200 countries and serves more than 50 million people annually, is still in the early stages of its investigation.
The company is working to identify the full scope of affected customers but has not disclosed the exact number impacted. A spokesperson for MoneyGram, Sydney Schoolfield, declined to provide further details beyond the company’s official statement.
In response to the breach, MoneyGram took steps to contain and remediate the issue, including taking certain systems offline, which temporarily impacted their services. They have launched an investigation with the help of external cybersecurity experts and are coordinating with law enforcement.
MoneyGram has already notified U.K. data protection regulators as required by law, noting the possible international implications of the breach. The company has advised affected customers to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring their credit reports.
The company has not yet revealed how the breach occurred but is continuing its investigation into the nature of the cyberattack.