Global fintech MoneyGram offline for over three days due to 'cybersecurity issue'
Learn More
MoneyGram, the global fintech company known for its money transfer services with over 150 million customers, has been offline for over three days due to a significant "cybersecurity issue," which many suspect to be a ransomware attack
The incident began on Friday 20th of September 2024, affecting both in-person and online payment services, and as of Monday, services remained down. Initially described as a "network outage" by MoneyGram on Saturday, the company later disclosed that the cause was a "digital intrusion" affecting certain systems.
Following the breach detection, MoneyGram took its systems offline to mitigate further damage. They have since hired third-party cybersecurity experts and are cooperating with law enforcement to investigate the attack.
MoneyGram holds vast amounts of sensitive customer information, including:
- Usernames and passwords
- Bank account and credit card numbers
- Names and addresses
- Phone numbers and contact details
The company has not disclosed whether any customer data was accessed or stolen, and no known ransomware group has claimed responsibility for the attack yet.
MoneyGram has promised to restore services as quickly as possible, stating that they are "working diligently to bring our systems back online and resume normal business operations." No timeline has been given for the restoration of services.
The company has yet to confirm whether ransomware was involved, though the prolonged downtime and nature of the breach suggest that such an attack is a strong possibility.
Update - as of 7th of October 2024, MoneyGram has confirmed that the cyberattack resulted in the theft of customer personal information and transaction data. The investigation revealed that the threat actors had access to MoneyGram's network between September 20 and 22, during which they stole a range of sensitive data(
The stolen data includes:
- Personal information: names, phone numbers, email and postal addresses, and dates of birth.
- Identification documents: Social Security numbers, copies of government-issued IDs like driver’s licenses, and utility bills.
- Financial data: bank account numbers, transaction details (including dates and amounts), and MoneyGram Plus Rewards numbers.
- Sensitive information for a limited number of customers, including details related to criminal investigations like fraud).
The number of affected individuals is not disclosed. The breach was reportedly initiated through a social engineering attack where hackers impersonated a MoneyGram employee, gaining access through the company's IT help desk. The attackers initially targeted Windows Active Directory services to gather employee data before moving on to customer information.
MoneyGram has pledged to provide affected U.S. consumers with two years of complimentary identity protection and credit monitoring services.
As of 28th of October 2024, MoneyGram announced a leadership change, replacing CEO Alex Holmes with Anthony Soohoo, though the company claims the transition is unrelated to the incident. Holmes will stay on as an advisor to the board. The breach remains under investigation.
