MoneyGram has confirmed a data breach that exposed sensitive customer data to hackers, forcing its services offline for five days in September 2024. The American payment and money transfer platform, which operates through 350,000 locations across 200 countries and via its mobile app and website, revealed hackers stole a varied amount of sensitive customer information. This includes transaction details, email and postal addresses, names, phone numbers, utility bills, government IDs, and social security numbers.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know
BleepingComputer first reported the news of the MoneyGram cyberattack on October 5, noting that hackers used a social engineering attack on the company’s internal help desk. At the time, the company didn’t disclose much information about the attack, stating, “After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services.”
In an email to the publication, MoneyGram also confirmed that it has found “no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents’ systems.”
However, in a notification on its website, MoneyGram has now revealed more information about the cyberattack. The company says that the threat actors had access to its network even earlier, between September 20 and 22, 2024. It got to know about the breach on September 27.
MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS
What information got stolen?
During the time hackers had access to MoneyGram’s network, they stole a significant amount of sensitive information, including consumer names, contact details (such as phone numbers, email addresses, and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), and bank account numbers.
For a limited number of customers, MoneyGram says hackers also accessed MoneyGram Plus Rewards numbers, transaction details (like dates and amounts), and criminal investigation info (such as fraud cases). The types of information exposed varied by individual.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
6 ways to protect yourself from a data breach
1) Enable two-factor authentication (2FA) on all accounts: One of the most effective ways to protect your personal and financial information from hackers is to enable two-factor authentication (2FA) wherever possible. This adds an extra layer of security by requiring two forms of verification before granting access to your account, such as a password and a one-time code sent to your phone. Even if your password is stolen, 2FA can stop hackers from getting into your accounts.
2) Monitor your financial accounts regularly: After a data breach, especially when sensitive financial information like transaction details and bank account numbers have been compromised, it’s crucial to regularly monitor your bank statements, credit card transactions, and even small purchases. Look for unauthorized activity, no matter how minor it seems, and report it to your bank or service provider immediately.
With the MoneyGram breach, hackers accessed customers’ financial transaction details, which could lead to fraud or unauthorized transactions. By reviewing your account statements frequently, you can catch any unusual activity early and take action before significant damage is done.
3) Change your passwords and use strong, unique passwords: MoneyGram customers who reused passwords across multiple accounts should update their login information immediately. A strong password combines uppercase and lowercase letters, numbers, and symbols, making it harder for hackers to guess or crack.
Consider using a password manager to securely store and generate complex passwords. One of the best password managers out there is 1Password. With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At the time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year, and you can save more with a family option which includes 5 family members for $60/year.
4) Sign up for identity theft protection: Given that hackers stole Social Security numbers, government-issued IDs, and other sensitive information in the MoneyGram breach, affected customers should consider enrolling in identity theft protection. These services notify you if someone attempts to open new lines of credit or loans in your name, allowing you to take immediate action to prevent identity theft. Additionally, you can place fraud alerts or freezes on your credit reports to prevent unauthorized access.
For those impacted by the MoneyGram breach, where personally identifiable information (PII) such as government IDs and Social Security numbers were compromised, signing up for identity theft protection services can offer an extra level of security.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
5) Be wary of phishing attacks and scams: After a data breach, there is often an uptick in phishing attacks, where scammers try to trick you into revealing additional personal information by posing as legitimate companies. Always double-check the authenticity of emails, especially those asking for sensitive information. Never click on links or download attachments from suspicious sources, and verify any requests for information by contacting the company directly. Since the MoneyGram breach occurred through a social engineering attack, customers should be on the lookout for emails, phone calls, or text messages pretending to be from MoneyGram or related entities. Always verify any communication before taking action.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
6) Invest in personal data removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Kurt’s key takeaway
Big tech companies are struggling to curb cyberattacks. Every month, we hear about a new data breach that puts the data of millions of Americans at risk, and most of the time, these firms face nothing more than a slap on the wrist. Meanwhile, the individuals whose data is stolen suffer the consequences for years to come. MoneyGram and other companies should invest more in their cybersecurity infrastructure to ensure that breaches like this don’t become the norm.
Do you believe that legislation should enforce stricter penalties on companies that fail to protect customer data? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.