US money transfer giant MoneyGram has confirmed to customers that their personal information (PII) may have been stolen in a data breach incident.
The firm posted a notice on its website yesterday following several days of speculation as to what had happened.
It claimed that it discovered evidence of the breach on September 27, after an “unauthorized third party” was able to access the PII of an unknown number of customers between September 20 and 22.
“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud),” the notice read.
“The types of impacted information varied by affected individual.”
Read more on money transfer fraud: DoJ Distributes $18.5m to Western Union Fraud Victims
The firm said it proactively took some systems offline after discovering the incident, which temporarily impacted service availability.
This tallies with a post to X (formerly Twitter) on September 23, in which it cited discovery of “a cybersecurity issue.” Presumably at that point, MoneyGram had not determined whether data had been stolen.
No tags.
