MoneyGram has confirmed that hackers stole prospects’ private info and transaction information in a September cyberattack that triggered a five-day outage.
The corporate first detected the assault on September twenty seventh, inflicting it to close down IT programs, stopping MoneyGram prospects from accessing or transferring cash to different customers.
In a brand new information breach notification printed in the present day, MoneyGram now says that the menace actors had entry to its community even earlier, between September 20 and 22, 2024.Â
Throughout this time, the menace actors stole a various quantity of delicate buyer info, together with transaction info, e mail addresses, postal addresses, names, cellphone numbers, utility payments, authorities IDs, and social safety numbers.
“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud),” reads the information breach notification first noticed by TechCrunch.
MoneyGram says the quantity and kind of knowledge stolen fluctuate relying on the affected buyer. The particular info stolen from a buyer will possible be listed in information breach notifications despatched to impacted people.
BleepingComputer first reported that MoneyGram was breached by means of a social engineering assault on its IT assist desk the place menace actors impersonated an worker.
As soon as they gained entry to the community, the menace actors initially focused the Home windows lively listing providers to steal worker info.
CrowdStrike has been aiding MoneyGram in investigating the incident.
It’s unknown who’s behind the assault, and no menace actors have claimed accountability. Nonetheless, MoneyGram has confirmed it was not a ransomware assault.
You probably have any info concerning this incident or another undisclosed assaults, you possibly can contact us confidentially through Sign at 646-961-3731 or at ideas@bleepingcomputer.com.
