MoneyGram had information from its customers exfiltrated following a cyberattack that resulted in the days-long disruption of its systems late last month, BleepingComputer reports.
While the intrusion was initially detected on September 27, attackers were able to infiltrate MoneyGram's network between September 20 and September 22, enabling the theft of customers' names, birthdates, contact details, government identification document copies, bank account numbers, transaction details, and MoneyGram Plus Rewards numbers, according to a breach notification issued by MoneyGram. Other MoneyGram customers also had their Social Security numbers and criminal investigation data compromised as a result of the incident although the types of impacted information varied per individual. MoneyGram's confirmation of a data breach comes after it noted the lack of evidence suggesting the incident to have been brought upon by ransomware. While no threat actor has admitted responsibility for the intrusion, MoneyGram was reported to have its network compromised following a social engineering attack against its internal help desk.
