This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

MoneyGram

Summary

From 20-22 September 2024, an unauthorized third party accessed MoneyGram's network via a social engineering attack on the IT helpdesk, stealing customer data including names, contact details, dates of birth, Social Security numbers, government-issued IDs, utility bills, bank account numbers, MoneyGram Plus Rewards numbers, transaction details, and limited criminal investigation information. The breach caused a multi-day outage through 25 September as remediation efforts took systems offline. MoneyGram offered affected US consumers two years of free identity protection and credit monitoring. Public disclosure occurred 7 October 2024.

What Happened

Internal emails revealed the breach resulted from social engineering targeting MoneyGram's IT helpdesk. Attackers accessed customer data stored in MoneyGram's network between 20-22 September, then the company took systems offline for remediation, halting transactions until 25 September.

Impact on Individuals

The breach exposed comprehensive personal and financial data creating identity theft, financial fraud, and account takeover risks.

Organisational Response

MoneyGram confirmed the breach 7 October and offered affected US consumers two years of free identity protection and credit monitoring services.

Verification Source: View original statement