Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MoneyGram discloses data breach following September cyberattack

MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several […]

MoneyGram

MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data.

In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack.

On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several of its systems.

The company took some of its systems offline to contain the attack, which suggested it was the victim of a ransomware attack.

The attack impacted both in-person and online money transfer services. The company launched an investigation into the security breach and notified law enforcement.

MoneyGram now confirmed that the cyberattack exposed customer data, including contact info (such as phone numbers, email and postal addresses), government IDs, Social Security numbers, and transaction details.

“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud).” reads the notice of data breach published by MoneyGram. “The types of impacted information varied by affected individual.”

The company is working to contain and remediate the attack with the help of external cybersecurity experts. The company already notified law enforcement about the security breach.

TechCrunch reported that MoneyGram said its investigation is in its “early stages” and is working to determine the extent of the security breach. It’s unclear how many consumers were affected by this issue.

At this time the systems are back online and the company has resumed normal business operations.

MoneyGram International was acquired by private equity firm Madison Dearborn Partners on June 1, 2023, for $11.00 per share, taking the company private. By early 2023, 50% of its transactions were digital. The company operates in over 200 countries, serving 150 million customers globally, making it a significant player in the money transfer industry.

MoneyGram holds a huge trove of sensitive customer data, for this reason, it is a prime target for cyber criminals.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)