US money transfer giant MoneyGram has admitted that hackers stole customers' personal information and transaction data in a cyberattack last month.
The company said in a statement Monday that customer data was “accessed and obtained” by an unauthorized third party during the Sept. 20 cyberattack. Although the nature of the cyberattack is still unknown, the cyberattack caused a week-long outage that resulted in the closure of the company's website and app. Go offline.
MoneyGram says it serves more than 50 million people in more than 200 countries and territories each year.
MoneyGram said in a statement Monday that the investigation is in its “early stages” and it is working to determine which consumers were affected by this issue. The company did not say how many customers may be affected, and a MoneyGram spokesperson did not respond to a request for comment.
Stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. This data also includes a “limited number” of Social Security numbers, government identification cards such as driver's licenses, and other documents containing personal information such as utility bills and bank account numbers. According to MoneyGram, the type of data stolen varies from person to person.
MoneyGram said the stolen data included transaction information such as transaction date and transaction amount, as well as “a limited number of consumer-facing criminal investigation information (such as fraud).”
TechCrunch previously reported that MoneyGram subsequently notified the UK data protection regulator of the data breach, as required by UK law.