Money transfer giant MoneyGram has confirmed a major data breach in which hackers stole sensitive personal and transaction information of customers following a cyberattack between September 20 and 22, 2024. The attack, which resulted in a temporary system outage, has left customers vulnerable to potential fraud and identity theft.

According to a statement released by MoneyGram, the cyberattack saw hackers gain unauthorized access to a wide range of personal data, including names, contact details, dates of birth, and national identification numbers. The stolen data also includes financial information such as transaction records and bank account numbers. In some cases, Social Security numbers and government-issued IDs, such as driver’s licenses, were also compromised. “The types of stolen data will vary by individual,” the company noted in its statement.

The breach was first reported by TechCrunch, which noted that MoneyGram’s systems were offline for about a week following the incident. This affected not only the company’s own services but also those of its global partners, including the Bank of Jamaica and the UK’s Post Office, leaving millions of customers unable to send or receive money.

MoneyGram has since acknowledged that the breach affected a significant number of its customers, but the exact figure is yet to be determined. Malwarebytes reported that the breach was discovered on September 27, five days after the hackers had already accessed the data.

The company is now working with authorities to assess the scope of the attack and investigate the full extent of the damage. “We are in the early stages of our investigation,” a MoneyGram spokesperson said, adding that the company has already notified the necessary regulators, including the UK’s Information Commissioner’s Office (ICO).

The incident has sparked concerns over the potential for identity theft and fraud, especially given the wide range of data stolen. To mitigate the risks, MoneyGram has urged affected customers to monitor their financial accounts and credit reports closely. The company is also offering two years of free identity protection and credit monitoring services to US customers affected by the breach.

MoneyGram has not commented on the specific vulnerabilities that led to the breach but assured customers that it is taking all necessary steps to strengthen its security. For now, customers are being advised to take proactive steps, such as changing their passwords and enabling two-factor authentication, to protect themselves from further harm.