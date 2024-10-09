Financial services firm and money transfer specialist MoneyGram has disclosed a breach of customer data arising from a late-September cyber attack on its systems, but has waited over a week to tell customers that they have been affected.

The incident first manifested as a network outage on 20 September, before being confirmed as a cyber incident on 23 September. According to reporting by Bleeping Computer, MoneyGram and cyber forensics experts at CrowdStrike have since confirmed it was not a ransomware attack. The outlet additionally cited internal emails shared with it that reveal the breach may have been the result of a social engineering attack on MoneyGram’s IT helpdesk.

It hit MoneyGram’s global operations and led directly to the cancellation in the UK of a longstanding contract with the Post Office to offer money transfer services within its branches. In poorer countries, where MoneyGram is relied on by workers who have migrated abroad to remit money to their families, the impact has been even more keenly felt.

In a statement published on Monday 7 October, MoneyGram said that it had determined that an unauthorised third-party had accessed and acquired information on “certain consumers” on 27 September. It added that it was still investigating “the issue”.

“Upon detecting the issue, we took steps to contain and remediate it, including proactively taking certain systems offline, which temporarily impacted the availability of our services,” said MoneyGram. “We also launched an investigation with the assistance of leading external cyber security experts and have been coordinating with law enforcement. Our systems are back online and we have resumed normal business operations.

“We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements. We also recommend that you remain alert for unsolicited communications involving your personal information.”

The affected information includes data such as names, contact details, birthdays, national identification numbers, copies of government identity documents, bank account numbers, details of transactions made on MoneyGram, and rewards programme details.

The organisation gave no indication of where the affected customers were located, but it is offering affected consumers identity protection and credit monitoring services available for the next two years at no cost.