MoneyGram customer data breached in attack
MoneyGram Payment Systems, a money transfer system, said hackers who hit its infrastructure last month stole customer data.
After detecting the attack on Sept. 23, Dallas-based MoneyGram took multiple systems offline. An outage affecting the company’s services began Sept. 20, as detailed by numerous customers on social media. The company publicly confirmed the outage the next day.
In a Monday update, the company said it brought in the intrusion response firm CrowdStrike to help probe the intrusion. MoneyGram subsequently restored systems and resumed “normal business operations” on Sept. 26.
Investigators on Sept. 27 found that from Sept. 20 to 22, attackers stole reams of customer data.
MoneyGram processes more than $200 billion in transactions annually in more than 200 countries. Results of a customer survey published by MoneyGram last month say that of those who use the service to send money abroad, nearly half do so to cover family food costs, while more than one-third send money to cover emergency expenses. More than one-third reported using the service to cover housing expenses.
While “the types of impacted information varied by affected individual,” MoneyGram said the stolen information includes:
- Customer names;
- Contact details, including phone numbers, email and postal addresses;
- Dates of birth;
- Social Security numbers – to a “limited” extent;
- Government identification document copies, such as driver’s license scans;
- Identity documents, such as utility bills;
- Bank account numbers;
- Transaction details, such as dates and amounts of transactions;
- Reward program numbers;
- Information tied to criminal investigations, for example, for fraud.
Customers this week continued to report outages in multiple countries, including the United Kingdom, although it’s not clear if those might be tied to the hack attack.
MoneyGram said its investigation is continuing. It has yet to publicly quantify the number of affected consumers, or to detail the extent to which any information pertaining to non-U.S. customers may have been stolen.
An unnamed source with knowledge of the company’s investigation told Bleeping Computer the intrusion appears to trace to a social engineering attack against MoneyGram’s IT help desk, and does not involve ransomware. The social engineering ruse enabled the hacker “to access MoneyGram’s network using an employee’s credentials and target employee information in the company’s Windows Active Directory Services,” the publication reported.