MoneyGram has confirmed a data breach that exposed sensitive customer data to hackers, forcing its services offline for five days in September 2024. 

The American payment and money transfer platform, which operates through 350,000 locations across 200 countries and via its mobile app and website, revealed hackers stole a varied amount of sensitive customer information. 

This includes transaction details, email and postal addresses, names, phone numbers, utility bills, government IDs and Social Security numbers.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

BleepingComputer first reported the news of the MoneyGram cyberattack on Oct. 5, noting that hackers used a social engineering attack on the company’s internal help desk. At the time, the company didn’t disclose much information about the attack, stating, “After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services.”

In an email to the publication, MoneyGram also confirmed that it has found “no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents’ systems.”

However, in a notification on its website, MoneyGram has now revealed more information about the cyberattack. The company says that the threat actors had access to its network even earlier, between Sept. 20 and Sept. 22. It got to know about the breach on Sept. 27.

A woman with a cellphone (Kurt “CyberGuy” Knutsson)

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS

What information got stolen?

During the time hackers had access to MoneyGram’s network, they stole a significant amount of sensitive information, including consumer names, contact details (such as phone numbers, email addresses and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills) and bank account numbers.

For a limited number of customers, MoneyGram says hackers also accessed MoneyGram Plus Rewards numbers, transaction details (like dates and amounts) and criminal investigation info (such as fraud cases). The types of information exposed varied by individual.

CLICK HERE FOR MORE US NEWS

A woman working on a laptop (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

6 ways to protect yourself from a data breach

1. Enable two-factor authentication (2FA) on all accounts: One of the most effective ways to protect your personal and financial information from hackers is to enable two-factor authentication wherever possible. This adds an extra layer of security by requiring two forms of verification before granting access to your account, such as a password and a one-time code sent to your phone. Even if your password is stolen, 2FA can stop hackers from getting into your accounts.

2. Monitor your financial accounts regularly: After a data breach, especially when sensitive financial information like transaction details and bank account numbers have been compromised, it’s crucial to regularly monitor your bank statements, credit card transactions and even small purchases. Look for unauthorized activity, no matter how minor it seems, and report it to your bank or service provider immediately.

With the MoneyGram breach, hackers accessed customers’ financial transaction details, which could lead to fraud or unauthorized transactions. By reviewing your account statements frequently, you can catch any unusual activity early and take action before significant damage is done.

3. Change your passwords and use strong, unique passwords: MoneyGram customers who reused passwords across multiple accounts should update their login information immediately. A strong password combines uppercase and lowercase letters, numbers and symbols, making it harder for hackers to guess or crack. Consider using a password manager to securely store and generate complex passwords.

4. Sign up for identity theft protection: Given that hackers stole Social Security numbers, government-issued IDs and other sensitive information in the MoneyGram breach, affected customers should consider enrolling in identity theft protection. These services notify you if someone attempts to open new lines of credit or loans in your name, allowing you to take immediate action to prevent identity theft. Additionally, you can place fraud alerts or freezes on your credit reports to prevent unauthorized access.

For those impacted by the MoneyGram breach, where personally identifiable information such as government IDs and Social Security numbers were compromised, signing up for identity theft protection services can offer an extra level of security. See my tips and best picks on how to protect yourself from identity theft.

5. Be wary of phishing attacks and scams: After a data breach, there is often an uptick in phishing attacks, where scammers try to trick you into revealing additional personal information by posing as legitimate companies. Always double-check the authenticity of emails, especially those asking for sensitive information. Never click on links or download attachments from suspicious sources, and verify any requests for information by contacting the company directly. Since the MoneyGram breach occurred through a social engineering attack, customers should be on the lookout for emails, phone calls or text messages pretending to be from MoneyGram or related entities. Always verify any communication before taking action.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Invest in personal data removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

Kurt’s key takeaways

Big tech companies are struggling to curb cyberattacks. Every month, we hear about a new data breach that puts the data of millions of Americans at risk, and most of the time, these firms face nothing more than a slap on the wrist. Meanwhile, the individuals whose data is stolen suffer the consequences for years to come. MoneyGram and other companies should invest more in their cybersecurity infrastructure to ensure that breaches like this don’t become the norm.

Do you believe that legislation should enforce stricter penalties on companies that fail to protect customer data? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

A bunch of Tesla’s humanoid Optimus robots walked out alongside the reveal of Tesla’s new Robovan vehicle at tonight’s Cybercab event. The robot is also seen in a video doing daily human tasks like bringing in a package off the porch and watering your plants.

“The Optimus will walk amongst you,” Tesla CEO Elon Musk qips. “You’ll be able to walk right up to them, and they will serve drinks.”

Musk explains it can basically “do anything” and mentions examples like walking your dog, babysitting your kids, mowing your lawn, serving you drinks, etc. He said it will cost $20,000 to $30,000 “long term.”

“I think this will be the biggest product ever of any kind,” Musk says.

After the presentation, livestream footage showed people interacting with Optimus robots at tables and in crowds. Still, the robots weren’t doing much other than waving in the style of Astro Bot. There was a table of drinks — but the Optimus bot was not seen doing more than holding a cup of ice. However, one bot could hand over small gift bags at another table and play rock paper scissors with guests. And there was an enclosed gazebo with a bunch of dancing robots inside.

The Tesla bot was not a serious product when Musk first revealed the project in 2021, when a man in a robot suit took the stage to perform a silly dance. But in 2022, the company showed off a crude prototype that gingerly walked onstage.

Musk has loftily promised that Optimus will be a “fundamental transformation for civilization.” And he made bigger ones for the investors: that it’ll bring “two orders of magnitude” of potential improvement of economic output and that it can be “made in very high volume, ultimately millions of units.” Musk said it would cost around “$20,000” and allow for “a future where there is no poverty.”

Apple has been using your face data for security for seven years. You likely use your fingerprint to unlock at least a few of your devices. 

Win an iPhone 16 Pro with Apple Intelligence ($999 value). 

No purchase necessary. Enter now!

But have you paid with your palm at Whole Foods yet? Did the TSA scan your face the last time you were at the airport? Using biometric info like your fingerprint and face can save a little time, but a whole lot of potential security risks come along for the ride.

Should you give companies and agencies access to your most personal data? I’ve got the scoop so you can decide for yourself.

10 TECH TIPS AND TRICKS EVERYONE SHOULD KNOW

Catching a flight any time soon?

You’ve probably used the old TSA tech, similar to Apple’s Face ID. They snap a pic and compare it to your ID to confirm it’s really you trying to get through security. Nice to know: They say they delete images of you once you’re through the process.

The TSA’s new Touchless Identity Solution works a little differently. All you do is look at a camera and wait for an agent to give you the green light. Fast and easy! What’s the catch?

In order for this process to work, you’ll need a U.S. passport and TSA PreCheck. You’ll also need to be a member of a participating airline’s loyalty program. When you check in through your airline’s app, you’ll be prompted to opt into a biometrics scan.

THE $40K SCAM THAT ALMOST GOT ME + 3 MORE SPREADING NOW

If you opt in, you’ll allow the TSA to add your photo to a cloud-based verification service. Step up to the camera, and it matches your live image with the stored one. The TSA says both images are deleted within 24 hours of your flight’s departure.

It’s not just the airport. Here are 5 places you’re being recorded in public.

Talk to the hand

Whole Foods uses a process similar to the TSA’s with its palm scan tech. Through the Amazon One app, you can link a credit card to your “palm signature.” Scan your hand in-store, and the data is compared to palm signatures stored in the Amazon cloud. When a match is found, you’re paid up and good to go.

Fingerprinting and similar systems are used practically everywhere now, from security agencies to grocery stores. (Photo by Katherine Frey/The Washington Post via Getty Images)

Now, Amazon says they only save the mathematical data behind your palm signature, not actual photos of your hand. This means a hacker couldn’t use a high-quality pic of your palm to pass as you.

The safety dance

So are these more advanced biometric screenings hacker-proof? It’s unlikely a crook could fool a biometric reading in the airport. Agents would figure it out pretty quickly.

Even at Whole Foods, it’d be tough for someone to use an image of your palm to pay. Their systems also employ something called “liveness detection,” capturing motion, depth and texture, too.

3 SECURITY AND DATA CHECKS YOU SHOULD DO ONCE A YEAR

But remember, as technology advances, so, too, do criminals. AI deepfakes are already much better than they were just a year ago. There could come a day when a deepfake mask could fool facial recognition software, especially when there’s no real person standing there to double-check.

WATCH: Companies are paying for AI avatars in their ads. You have to see this one.

The biggest issue I see

Let’s say we trust government agencies and big companies to store this biometric data. That doesn’t mean they’re immune to data breaches. When you hand over any kind of data, it’s 100% a hacker’s target.

Biometric data isn’t exempt from the prying eyes of the average hacker. (Jakub Porzycki/NurPhoto via Getty Images)

Thinking about opting into one of these services or another like it? Here’s how to protect your biometric data:

• Before you let a company or agency access your biometric data, consider their reputation. The TSA is more reputable than a random shopping app. At the very least, search for the org or company with the term “data breach.”
• Whenever possible, use your biometric data in tandem with a strong password, 2FA or an authenticator app.
• If you have to upload biometric data online, use a VPN to secure your internet connection first — especially if you’re using a public network. This is an extra barrier between you and anyone else lurking there waiting to steal files.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.