MoneyGram International said an unnamed attacker stole sensitive customer data and transaction information during a cyberattack in September in a statement Monday on its website.
The attacker hacked into the money transfer company’s network and stole customer data between Sept. 20 and Sept. 22, the company said. A days-long outage followed the attack, as MoneyGram’s remediation efforts took some systems offline and brought transactions to a halt until Sept. 25.
The attack accentuated the oftentimes far-reaching impact of cyberattacks. MoneyGram is one of largest money transfer services in the world, operating in more than 200 countries and territories across more than 430,000 locations across the globe.
MoneyGram initially called the attack a network outage in a Sept. 21 post on the social platform X, but on Sept. 23 it pointed to a cybersecurity issue affecting certain systems. “Our systems are back online and we have resumed normal business operations,” the company said in its Monday statement.
MoneyGram hasn’t explained how the attacker gained access to its systems or if ransomware was involved. The company did not respond to a request for comment.
The company said its investigation into the attack is ongoing, but on Sept. 27 it determined an attacker stole a trove of sensitive customer data, including names, bank account numbers, transaction information, MoneyGram Plus Rewards numbers, contact information, dates of birth, Social Security numbers and copies of government-issued IDs.
“The types of impacted information varied by affected individual,” MoneyGram said in the statement. The Dallas-based company hasn’t said how many people are impacted.
MoneyGram confirmed it is working with law enforcement, and external cybersecurity experts are assisting with the investigation. The company said last month that it was working through a backlog of customer transactions.