MoneyGram Confirms Hack: Social Security Numbers, Driver's Licenses and Other Customer Data Leaked

On Monday, MoneyGram confirmed that it had fallen victim to a cyberattack that resulted in unauthorized access to its company's internal systems.

It's unclear how many MoneyGram customers were affected. According to the company's website, MoneyGram has more than 150 million customers in 200 countries and territories.

MoneyGram informed its customers about the data breach on its website, explaining that the information affected was different for each customer.

The types of customer information stolen in the breach include names, home addresses, phone numbers, email addresses, birthdays, Social Security numbers, bank account numbers, MoneyGram Plus Rewards numbers and transaction information.

In addition, copies of ID cards, such as driver's licenses, and other identification documents, such as copies of utility bills, were also taken. MoneyGram said criminal investigative information was also collected for a “limited number of consumers” in the cybersecurity incident.

MoneyGram data breach is just the latest theft of customer data

MoneyGram first learned of unauthorized access to its internal systems on September 27, 2024 and temporarily shut down the affected systems.

“When we discovered the issue, we took steps to contain and resolve it, including proactively taking certain systems offline, which temporarily affected the availability of our services,” MoneyGram said in a statement.

After a subsequent investigation, the company said the breach occurred between September 20 and 22.

Just yesterday, Mashable reported about a data breach affecting Comcast customers. However, in this cybersecurity incident, Comcast customers' data was stolen through a data breach at a third-party data collection company. The MoneyGram data breach is the result of a direct hack of the money transfer company itself.

According to BleepingComputer reportThe MoneyGram cybersecurity incident was the result of a social engineering attack on its IT help desk. A hacker is said to have posed as an employee and gained access to the company network. MoneyGram has not yet released details of the incident. However, the company has confirmed that it is not a ransomware attack.

As a result of the breach, MoneyGram will provide free identity protection and credit monitoring services to affected customers for two years.