Social engineering attack on MoneyGram’s IT help desk led to September data breach.

A class action lawsuit was recently filed against money transfer service MoneyGram Payment Systems Inc. (“MoneyGram”) after its’ October 7th announcement, that it was the victim of a September 2024 data breach which resulted in the theft of customer sensitive personal information.

About MoneyGram

MoneyGram is an American peer-to-peer payment and money transfer firm that enables people to send and receive money through an extensive network of 350,000 physical locations in 200 countries or digitally via its mobile app and website.

It is the world’s second largest money transfer company, only behind Western Union, processing over 120 million transactions annually from tens of millions of users.

What Happened?

According to the Notice posted on MoneyGram‘s website, on September 27, 2024, it determined that an unauthorized third party accessed and acquired personal information of certain consumers between September 20 and 22, 2024.

According to the lawsuit, the breach occurred as a result of a “social engineering attack” on MoneyGram’s IT help desk by a criminal intent on selling or otherwise misusing the data.

What Information Was Stolen?

The impacted information obtained by the hackers include –

• consumer name,
• phone number,
• email address,
• postal address,
• date of birth,
• Social Security number,
• government-issued identification documents (such as driver’s licenses),
• other identification documents (such as utility bills),
• bank account numbers,
• MoneyGram Plus Rewards number,
• transaction information (such as dates and amounts of transactions) and,
• criminal investigation information (such as fraud).

The types of impacted information varies by affected individual.

What is MoneyGram Doing To Protect My Identity?

Per the notice posed on MoneyGram’s website, “Upon detecting the issue, we took steps to contain and remediate the attack, including proactively taking certain systems offline, which temporarily impacted the availability of our services. We also launched an investigation with the assistance of leading external cybersecurity experts and have been coordinating with law enforcement. “

MoneyGram is offering affected customers identity monitoring services for two years at no cost to you.

What Can Hackers Do With My Information?

Stolen PII and PHI can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.

Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.

Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.

If you receive a data breach notification from MoneyGram it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Your Identity. Join the MoneyGram Data Breach Class Action.

The lawsuit alleges that MoneyGram breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.

If you receive a notification letter from MoneyGram, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by MoneyGram on October 7, 2024.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.

Tags: cyber attack   data breach   Data Privacy   Identity Theft   Personal Identifying Information   ransomware