MoneyGram hack update: Breach included Social Security numbers, government documents, bank and other sensitive data

MoneyGram is back online after a cybersecurity breach disrupted services and personal information. Between September 20 and 22, an “unauthorized third party” accessed and obtained the personal data of some MoneyGram customers, the company said, leaving users unable to access their accounts.

The remittance service issued an update this past Monday, confirming that systems are back online (although some customers on social media are still complaining about the outage). But the investigation, which the company says involves outside cybersecurity and law enforcement experts, is ongoing. Here’s what we know so far:

What information was disclosed?

MoneyGram revealed that the compromised data included:

• Names
• Contact details (phone numbers, emails, postal addresses)
• Birthdays
• National identification numbers
• A “limited” number of Social Security numbers
• Copies of government-issued identification (such as a driver’s license)
• Other identification documents (such as utility bills)
• Bank account numbers
• MoneyGram Plus Rewards numbers
• Transaction information (such as transaction dates and amounts)

A “limited number” of customers also had experience of criminal investigations, such as fraud, in the open, MoneyGram said.

Importantly, MoneyGram also noted that “the types of information affected vary by individual affected.”

The company is still determining which consumers are affected and has created a dedicated page (accessible via the home page of its website) with FAQs and recommendations for protecting personal information. A call center is available for affected customers, offering support in both English and Spanish, Monday through Friday, from 8 am to 8 pm CT.

When asked if MoneyGram plans to contact and notify affected customers, MoneyGram indicated Fast company in its notice and FAQ page, which did not mention that MoneyGram users should find out that their data was compromised.

The page recommends that concerned consumers in the United States sign up for identity protection and credit monitoring services, order a free credit report, and immediately report any unauthorized transactions.

Timeline of Cybersecurity Breach

MoneyGram first reported service disruptions on social media over the weekend of September 21. The company said it “recently identified a cybersecurity issue affecting certain systems” and has taken steps to resolve it, including taking systems offline to protect network integrity.

On September 26, after several days of social media updates, MoneyGram announced that its website and app are back online, allowing customers to send and receive money through their platforms again.

A day later, the company discovered that the data breach had occurred through an unauthorized third party.

MoneyGram serves more than 50 million people in more than 200 countries and territories each year, processing more than $200 billion annually. In its latest update to consumers this past Monday, MoneyGram said it “regrets any concern this matter may cause its consumers and takes its responsibility to protect personal information seriously.”