MoneyGram acknowledged Monday that it was the target of a cyberattack that gave unauthorized access to its internal systems.
The money transfer company discovered the data theft and temporarily shut down its systems.
It is unclear how many MoneyGram customers were affected. According to the company’s website, MoneyGram has more than 150 million customers in 200 countries and territories.
MoneyGram notified customers about the data theft on its website, explaining that the information affected varies from customer to customer.
Stolen data
The type of customer information stolen in the data breach included names, home addresses, phone numbers, email addresses, birthdates, Social Security numbers, bank account numbers, MoneyGram Plus Rewards numbers, and transaction information.
Stolen document
Additionally, copies of other identification documents, such as ID cards such as driver’s licenses and copies of utility bills, were also stolen. MoneyGram said the cybersecurity incident also included the theft of criminal investigation data from a “limited number of consumers.”
“After identifying the issue, we took steps to contain and resolve it, including proactively taking certain systems offline, which temporarily impacted service availability,” MoneyGram said in a statement.
After a subsequent investigation, the company announced that the breach occurred between September 20-22.
MoneyGram’s cybersecurity incident was the result of a social engineering attack on the company’s IT help desk. Hackers allegedly posed as employees and gained access to the company’s network. MoneyGram has yet to release details about the incident. However, the company confirmed that it was not a ransomware attack.
As a result of this breach, MoneyGram will provide affected customers with free identity protection and credit monitoring services for two years.