Leading money transfer service MoneyGram has confirmed that a cyberattack in late September jeopardized sensitive customer data and led to a five-day service outage.
The company initially detected the breach on Sept. 27. The incident disrupted its IT systems and prevented customers from transferring or accessing funds.
New details reveal that threat actors infiltrated the systems earlier, between Sept. 20 and 22, and stole a broad range of personal and financial information.
Perpetrators accessed highly sensitive data, including customer names, home and email addresses, transaction details, phone numbers, Social Security Numbers (SSNs), and even government-issued IDs such as driver’s licenses.
MoneyGram’s breach notification, initially spotted by TechCrunch, disclosed the scope of the breach.
"The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver's licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud)."
Despite the massive sensitive data exposure, MoneyGram said the incident involved no ransomware. However, the attack didn’t lack sophistication, as threat actors used social engineering tactics to penetrate the company’s defenses.
Threat actors reportedly posed as employees to trick the company’s IT help desk into granting them access to the network. Once inside, attackers exploited Windows Active Directory services, initially targeting employee data before fixing their crosshairs on customer information.
While MoneyGram has begun notifying impacted individuals, the extent of the damage remains unclear. The company confirmed that the type and amount of information stolen vary between customers. Those affected will receive notifications detailing which specific data was compromised in their case.
No threat actor group has yet claimed responsibility for the attack. The motive remains speculative, and the fate of the exfiltrated data, whether it’s being sold or used for criminal purposes, remains unclear.
Unfortunately, data breaches can occur entirely outside of customers' control, even when companies enforce robust security measures. However, that doesn’t mean individuals should remain passive in the face of these threats.
Dedicated software like Bitdefender Digital Identity Protection can help you stay a step ahead of threat actors. It continuously scans both the surface and Dark Web for traces of your personal data, including from accounts you may have forgotten about or no longer use.
If your data is compromised in a breach, it notifies you instantly and provides quick, 1-click actions to patch any vulnerabilities, giving you peace of mind and control over your digital footprint.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024