MoneyGram on Monday announced that personal information was stolen in a September 2024 cyberattack that caused a worldwide services outage.
The company disclosed the incident on September 23, one day after taking some of its systems offline, which led to money transfer services downtime.
A few days later, MoneyGram restored core services and started processing transactions, and brought its website and application back online. While money transfer services remained down in some regions, the company has now resumed normal business operations.
On Monday, the company announced that its investigation into the incident has determined that the threat actors behind the intrusion had access to its systems between September 20 and 22, and that they accessed and exfiltrated personal information pertaining to certain customers.
“Upon detecting the issue, we took steps to contain and remediate it, including proactively taking certain systems offline, which temporarily impacted the availability of our services,” the company says in an incident notice on its website.
The data breach impacted names, addresses, phone numbers, email addresses, dates of birth, national ID numbers, copies of government-issued IDs, other identification documents, bank account numbers, transaction information, MoneyGram Plus Rewards numbers, and criminal investigation information.
According to MoneyGram, the types of compromised information may vary by individual, but all customers should remain vigilant for fraud and identity theft attempts, by reviewing their account statements.
The company is providing the affected individuals with free identity monitoring services for two years. For US customers, these services also include free credit monitoring.
Related: 238,000 Comcast Customers Hit by FBCS Ransomware Attack
Related: National Public Data Says Breach Impacts 1.3 Million People
Related: Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records
Related: Social Blade Confirms Breach After Hacker Offers to Sell User Data