MoneyGram has confirmed a data breach that occurred last month where transaction data and personal information of its users were stolen. The company is still investigating the issue and hasn’t spelled out how many of its 150 million customers have been impacted by the breach.

In its release, MoneyGram said that between September 20-22, “an unauthorized third party accessed and acquired personal information of certain consumers.” The company incidentally went offline for a few days last month amid the outage caused by the cybersecurity incident.

MoneyGram has now confirmed the breach and said that the impacted data includes consumer’s personal information like names, contact information, and dates of birth. It has also impacted some Social Security numbers and copies of identification documents like driver’s licenses and utility bills.

Financial information like customers’ bank account numbers, transaction information, and MoneyGram Plus Rewards numbers have also been breached in the attack. However, not all data have been leaked for users and MoneyGram said, “The types of impacted information varied by affected individual.”

What Should MoneyGram Customers Do After It Confirms the Breach?

MoneyGram recommends that its customers “remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your free credit reports.” It has also called upon its customers to remain alert for any unsolicited communications involving their personal information

Notably, US users can anyways get a free annual credit report from the three nationwide consumer reporting agencies. In addition, MoneyGram has tied up with Experion to offer its affected US consumers free identity protection and credit monitoring services for two years and is offering complimentary access to Experian IdentityWorksSM for 24 months.

To enroll, the affected customers need to call an Experian agent and provide the engagement number “B132368.” If it is determined that you need identity restoration support, an Experian Identity Restoration agent will work with you to resolve any fraud that may have happened.

The agent will also help the affected users place a freeze on their credit file with the three major credit bureaus and also assist with contacting government agencies. However, MoneyGram customers need to enroll by January 31, 2025, as the code won’t work after that day.

data breaches h1 2024

Source

Data Breaches Have Spiked in 2024

Data breaches have been on the rise in 2024 and cybercriminals seem to be having a field day as there have been several large hacks in the year.

For instance, AT&T suffered two data breaches in 2024 that impacted “nearly all” of its 110 million customers. Ticketmaster also suffered a breach where 560 million records were stolen. In yet another major breach, the information of millions of Advance Auto Parts customers was compromised after hackers accessed its Snowflake account.

In July, Twilio said that “threat actors” were able to identify the cellphone numbers of Authy, which is a popular two-factor app that it owns.

More recently, in August, a California resident filed a complaint against Jerico Pictures, which operates the background-checking service National Public Data, for failing to protect the data of a whooping 2.9 billion individuals in what’s been touted as the biggest data breach in history.

According to the Identity Theft Resource Center, there were 1.07 billion victims of data breaches in the first half of 2024 which is 409% higher than the 182.65 million in the corresponding period in 2023.

Change Healthcare Data Breach Could Be the Biggest in Healthcare

Notably, even 1.07 billion is a conservative figure as it does not account for Change Healthcare’s data breach, which occurred after the report was released. The United Health data breach could be the biggest data breach in the healthcare industry as a third of the US population is estimated to have been impacted.

Meanwhile, in a world where hacks and cyberattacks are becoming more frequent and devastating, some companies don’t seem to be paying enough attention to the sensitive user data that they possess.

It is quite likely that data leaked in breaches like MoneyGram ends up on the dark web for sale. Cybercriminals do such acts for money and either sell the data on the dark web or seek ransom from the companies in exchange for not selling the data.

How to Keep Your Data Safe

Data breaches are a growing menace but there is not much that users can do to totally protect themselves from incidents like the MoneyGram data breach as customers trust such credible companies to protect their data from getting hacked and it is their responsibility to keep it secure.

However, users must follow some basic hygiene online to reduce the risk of their data getting breached and minimize their impact.

Firstly, while opening any website it’s prudent to check that they are secure and begin with Hypertext Transfer Protocol Secure (HTTPS). One should be doubly cautious when filling out PII on a website and refrain from doing so on unsecured websites. Also, don’t click on any unverified links, and never provide your personal information.

Always keep passwords as unique and importantly don’t use the same passwords across different accounts as it increases the risk multi-fold in a breach since multiple accounts could be hacked with the same password.

Next, apps should be downloaded through official stores like Google Play Store and Apple App Store. Downloading these from other channels could be risky and could be a potential security threat. While not perfect, an MFA app like Google Authenticator could help lower the risk of a data breach dramatically .

Having an identity threat protection service might also be helpful as it helps you figure out whether you have been part of a breach. Finally, if you discover that you were part of a breach, try changing the passwords for your accounts that were part of the breach and remain attentive to any suspicious activity in your accounts.