{"id":25303,"date":"2024-10-08T12:10:10","date_gmt":"2024-10-08T20:10:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/10\/08\/news-19033\/"},"modified":"2024-10-08T12:10:10","modified_gmt":"2024-10-08T20:10:10","slug":"news-19033","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/10\/08\/news-19033\/","title":{"rendered":"MoneyGram confirms customer data breach"},"content":{"rendered":"\n<p>Money transfer company MoneyGram has <a href=\"https:\/\/www.moneygram.com\/mgo\/us\/en\/notification\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">notified its customers of a data breach<\/a> in which it says certain customers had their personal information taken between September 20 and 22, 2024.<\/p>\n<p>The investigation into the incident that was discovered on September 27 is still ongoing, and the number of impacted customers remains unclear.<\/p>\n<p>Initial investigations show the type of information stolen varies between different individuals, but may include:<\/p>\n<ul>\n<li>Names<\/li>\n<li>Contact information (phone number, email, physical address)<\/li>\n<li>Date of birth<\/li>\n<li>Social Security Numbers<\/li>\n<li>Government-issued identification documents (e.g. driver\u2019s licenses)<\/li>\n<li>Other identification documents (e.g. utility bills)<\/li>\n<li>Bank account numbers<\/li>\n<li>MoneyGram Plus Rewards numbers<\/li>\n<li>Transaction information (such as dates and amounts of transactions)<\/li>\n<li>Criminal investigation information (such as fraud)<\/li>\n<\/ul>\n<p>MoneyGram says that only a limited number of customers\u2019 Social Security numbers and criminal investigation information was taken.<\/p>\n<p>At the time, MoneyGram <a href=\"https:\/\/x.com\/MoneyGram\/status\/1838203169765052552\">announced on X<\/a> that it had taken certain systems offline temporarily to avoid any further compromise. That left a large number of worried customers trying to send money abroad to their relatives.<\/p>\n<p>The outage also affected MoneyGram partners, including the Bank of Jamaica and the UK\u2019s Post Office. The UK\u2019s Information Commissioner\u2019s Office (ICO) confirmed to <a href=\"https:\/\/techcrunch.com\/2024\/09\/27\/uk-data-watchdog-confirms-investigating-moneygram-data-breach\/\">TechCrunch<\/a> that the watchdog had received a report from MoneyGram.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe have received a report from MoneyGram and will be making enquiries.\u201d<\/p>\n<\/blockquote>\n<p>MoneyGram recommends that its customers remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports.<\/p>\n<p>If you are in the US and would like to check your credit report, you are entitled under US law to one free credit report annually from each of the three nationwide consumer reporting agencies. MoneyGram has arranged to offer affected US consumers identity protection and credit monitoring services for two years at no cost. Its <a href=\"https:\/\/www.moneygram.com\/mgo\/us\/en\/notification\/referenceguide\/\">US Reference Guide<\/a> provides information on activation of the services.<\/p>\n<p>MoneyGram says there is no evidence that a ransomware group is behind the incident. As always, we will keep you posted about where the information shows up and what the consequences for impacted customers might be.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\">Protecting yourself after a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It\u2019s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\">Check your digital footprint<\/h2>\n<p>If you want to find out what personal data of yours has been exposed online, you can use our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it\u2019s best to submit the one you most frequently use) and we\u2019ll send you a free report.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/moneygram-confirms-customer-data-breach\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Money transfer giant MoneyGram has notified customers about a data breach that has spilt sensitive customer information. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[16687,32,5897],"class_list":["post-25303","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-moneygram","tag-news","tag-privacy"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25303"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25303\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25303"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}