A MoneyGram hack has seen an attacker obtain the personal data of an unknown number of the company’s 50 million money transfer users.
A separate hack of a debt collection company has seen personal data obtained for more than 200,000 Comcast customers, despite previous assurances that this was not the case …
MoneyGram hack
MoneyGram acknowledged the security breach in an official notice.
On September 27, 2024, we determined that an unauthorized third party accessed and acquired personal information of certain consumers between September 20 and 22, 2024. Our investigation into the issue is ongoing.
The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud). The types of impacted information varied by affected individual.
The company said its immediate response was to take “certain systems” offline, and it has since hired external cybersecurity experts to assist with its investigation. It is also cooperating with law enforcement.
MoneyGram hasn’t yet revealed how many customers are affected, or even confirmed whether it has this information. Some 50 million people across 200 countries use the service.
It says that affected US customers will be offered a free two-year subscription to Experian’s identity protection and credit monitoring service. Details of how to register can be found here.
Anyone who thinks they may have impacted is asked to contact the company on the toll-free number (833) 918-1122 quoting “engagement number B132368.”
Comcast too
An unrelated hack of a debt collection company used by Comcast took place in February. The cable TV company said at the time that no customer data had been compromised in the attack on Financial Business and Consumer Solutions (FBCS).
In July, however, Comcast backtracked on this, and admitted that the personal data of some customers had been obtained. A court filing spotted by Engadget reveals that 237,703 customers had their data stolen.
The attackers were thorough, scooping up names, addresses, Social Security numbers, dates of birth, Comcast account numbers and ID numbers. Comcast says the stolen data belongs to customers who signed up with the company “around 2021.” It also says it has stopped using FBCS for the purposes of debt collection.
The same attack also affected the data of 600,000 customers of debt-purchasing company CF Medical, and Truist Bank.
How to protect yourself
Always treat any claimed communication involving finances with suspicion, whether it’s a text, email, or voice call. The safest approach is always to hang up and call the company on a known genuine number (such as the one printed on your bank statement or payment card) to verify any information you have been given before acting on it.
Some people prefer to play safe by freezing their credit, and only unfreezing it as and when they need to apply for financing. This will prevent anyone taking out a finance agreement using your details.
Photo by Luther.M.E. Bottrill on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments