Anyone who wants to transfer cash quickly and easily from country A to country B nowadays resorts to international payment providers. The largest in the world are Western Union and MoneyGram.
Both companies offer the option of depositing and withdrawing cash within minutes, quickly and relatively easily. Often, all that is required is an ID document, a reference number, and a few details about the country of origin. A credit card or account is not necessary. Often, the money is intended to support a family, which is why it is particularly annoying when the money does not arrive.
Data is also a treasure
But cybercriminals aren’t always just after quick money; they’re also very interested in personal data. This, as well as customer transaction data, was stolen from MoneyGram in a five-day cyberattack in September.
The company discovered the attack on Sept. 27, after which it shut down its IT systems. The result: MoneyGram customers could neither access their data nor transfer money to other users.
The attack was officially confirmed on Oct. 7, when the company admitted that the attackers had access to its network even earlier, between Sept. 20 and 22, 2024.
During this time, according to MoneyGram, the threat actors stole a variety of sensitive customer data, including:
- transaction data
- email addresses
- postal addresses
- names
- phone numbers
- utility bills
- state ID cards
- Social Security numbers
In some cases, information about criminal investigations was also compromised. The type and extent of stolen data varies depending on the customer affected. Victims are informed individually about the stolen information, the international money transfer provider announced.
MoneyGram serves more than 50 million people in more than 200 countries, according to the company.
Humans remain the weak link
According to BleepingComputer, the attackers gained access through a social engineering attack on the MoneyGram IT help desk, in which the attackers posed as employees. Once they gained access to the network, the threat actors first targeted Windows Active Directory services to steal employee information.
So far, the identity of the perpetrators is unknown. There has been no claim of responsibility and no investigations have revealed any suspects. However, MoneyGram has confirmed that this is not a ransomware attack.
The service provider was supported in investigating the incident by cybersecurity company CrowdStrike, which itself made headlines around the world in July. Here, too, the failure was due to a human error.