MoneyGram confirms hack: Social Security numbers, driver’s licenses, and other customer data have leaked

On Monday, MoneyGram confirmed that it had been targeted in an cyberattack, resulting in an unauthorized party gaining access to their company's internal systems. 

It's unclear how many of MoneyGram's customers were affected. According to the company's website, MoneyGram has more than 150 million customers across 200 countries and territories.

MoneyGram notified customers about the data breach on its website, explaining that the information affected will be different for each customer.

The types of customer data that have been stolen in the breach include names, home addresses, phone numbers, email addresses, birthdays, Social Security numbers, bank account numbers, MoneyGram Plus Rewards numbers, and transaction information. 

In addition, copies of IDs, such as driver's licenses as well as other identification documents like copies of utility bills, were also taken. MoneyGram said that for a "limited number of consumers," criminal investigation information was also taken in the cybersecurity incident.

MoneyGram data breach just the latest theft of customer data

MoneyGram first became aware of unauthorized access of its internal systems on Sept. 27, 2024 and proceeded to temporarily shut down the affected systems.

"Upon detecting the issue, we took steps to contain and remediate it, including proactively taking certain systems offline, which temporarily impacted the availability of our services," MoneyGram said in a statement.

After a subsequent investigation, the company shared that the breach took place between September 20 and 22.

Just yesterday, Mashable reported on a data breach affecting Comcast customers. However, in that cybersecurity incident, Comcast customers' data was taken via a data breach at a third-party data collection company. MoneyGram's data breach is a result of a direct hack of the money transfer company itself.

According to BleepingComputer's report, the cybersecurity incident at MoneyGram was the result of a social engineering attack on its IT help desk. A hacker allegedly impersonated an employee and gained access to the company's network. MoneyGram has yet to share details of the incident. However, the company has confirmed that it is not a ransomware attack.

Due to the breach, MoneyGram will be providing affected customers with two years of free identity protection and credit monitoring services.