Severity: critical
Records: 50,000,000
Vector: Social engineering attack on IT helpdesk
Organization: MoneyGram International
Incident Date: 2024-09-20

What Happened

On September 20, 2024, MoneyGram International, one of the world’s largest money transfer services, suffered a cyberattack that forced the company to take systems offline for approximately one week. The outage disrupted remittance services for millions of customers worldwide, many of whom rely on MoneyGram to send money to family members in other countries.

MoneyGram serves approximately 50 million customers annually across 200 countries and territories. The week-long outage affected billions of dollars in planned transfers and caused significant hardship for customers who depend on the service for essential financial support to relatives.

How They Got In

The attack originated through social engineering targeting MoneyGram’s IT helpdesk. Attackers impersonated legitimate employees and convinced helpdesk staff to provide access or reset credentials, bypassing technical security controls through human manipulation.

Once the attackers obtained valid credentials through the social engineering attack, they accessed MoneyGram’s internal systems and moved through the network. The company detected the intrusion and made the decision to take systems offline to contain the threat and prevent further unauthorized access.

Data Exposed

MoneyGram confirmed that attackers accessed sensitive customer information during the intrusion. Exposed data included names, contact information, dates of birth, and national identification numbers. Government-issued identification documents such as driver’s licenses and passports were accessed. Bank account numbers and MoneyGram Plus Rewards numbers were compromised. Transaction information including dates and amounts was also exposed.

The specific data exposed varied by customer based on their transaction history and the documents they had provided to MoneyGram for identity verification.

Global Service Disruption

The decision to take systems offline caused a complete halt to MoneyGram’s money transfer services worldwide for approximately one week. The outage affected customers across all channels including retail locations, the MoneyGram app, and the website.

For many customers, particularly migrant workers sending remittances to family members in developing countries, the outage caused immediate hardship. Recipients who depended on regular transfers for basic needs such as rent, food, and medicine faced unexpected financial stress.

The incident highlighted the critical infrastructure role that remittance services play for global migrant populations and the outsized impact when these services are disrupted.

Business Impact

MoneyGram’s stock price dropped following the breach disclosure. The company lost its contract with the UK Post Office, a significant distribution partner. CEO Alex Holmes was replaced weeks after the breach, though the company did not explicitly link the leadership change to the incident.

The company faced regulatory scrutiny from financial regulators in multiple jurisdictions and potential enforcement actions related to customer data protection and service availability.

The MoneyGram attack reflected a broader trend of attackers targeting helpdesks and IT support functions through social engineering. Similar techniques were used in high-profile attacks against MGM Resorts, Caesars Entertainment, and other organizations in 2023-2024.

Attackers increasingly combine social engineering with technical attacks, using manipulated helpdesk staff to bypass MFA, reset passwords, or enroll new authentication devices. These attacks exploit the human element that remains difficult to address with technical controls alone.
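One way a detection team can watch for the pattern described above, shown as an added example that is not part of the original write-up: it correlates helpdesk-performed resets with a new MFA enrollment and first use of that device from an unseen IP. The events are constructed, and the field names, event types, `helpdesk-` actor prefix and 30-minute window are assumptions to be mapped to your identity provider's audit schema.

```python
from datetime import datetime, timedelta

# Constructed IdP audit events. Field names, event types and the "helpdesk-"
# actor prefix are hypothetical; map them to your identity provider's schema.
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "type": "password_reset", "user": "alice",
     "actor": "helpdesk-07", "verified_oob": True},
    {"ts": "2024-01-10T09:05:00", "type": "mfa_enroll", "user": "alice",
     "actor": "alice", "device": "dev-A1"},
    {"ts": "2024-01-10T13:00:00", "type": "mfa_reset", "user": "bob",
     "actor": "helpdesk-03", "verified_oob": False},
    {"ts": "2024-01-10T13:04:00", "type": "mfa_enroll", "user": "bob",
     "actor": "bob", "device": "dev-Z9"},
    {"ts": "2024-01-10T13:06:00", "type": "login", "user": "bob",
     "actor": "bob", "device": "dev-Z9", "new_ip": True},
    {"ts": "2024-01-11T08:00:00", "type": "password_reset", "user": "carol",
     "actor": "carol"},  # self-service reset, not a helpdesk action
]
RESET_TYPES = {"password_reset", "mfa_reset"}

def find_suspicious_resets(events, window=timedelta(minutes=30)):
    """Correlate helpdesk-performed resets with follow-on MFA enrollment and
    first use of the new device from an unseen IP inside `window`."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] not in RESET_TYPES or not ev["actor"].startswith("helpdesk-"):
            continue
        start = datetime.fromisoformat(ev["ts"])
        # A reset with no recorded out-of-band check is a finding by itself.
        reasons = [] if ev.get("verified_oob") else ["no_oob_verification"]
        enrolled = set()
        for later in events[i + 1:]:
            if datetime.fromisoformat(later["ts"]) - start > window:
                break
            if later["user"] != ev["user"]:
                continue
            if later["type"] == "mfa_enroll":
                enrolled.add(later["device"])
                reasons.append("new_mfa_device_after_reset")
            elif (later["type"] == "login" and later.get("new_ip")
                  and later.get("device") in enrolled):
                reasons.append("new_device_login_from_new_ip")
        if reasons:
            findings.append({"user": ev["user"], "agent": ev["actor"],
                             "severity": "high" if len(reasons) >= 2 else "review",
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious_resets(EVENTS):
        print(f)
```

A verified reset followed by re-enrollment is graded `review` rather than suppressed, since a lost-phone request looks identical in the log and the reviewer can confirm it with the employee directly.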

Lessons Learned

The MoneyGram breach demonstrated that sophisticated technical controls can be bypassed through human manipulation. Helpdesk verification procedures must be robust enough to resist social engineering attempts. Out-of-band verification for sensitive requests like password resets and MFA changes is essential. Employee training should include realistic social engineering scenarios. Organizations should simulate social engineering attacks to test helpdesk resistance.

Critical service providers should have business continuity plans that enable continued operations even during security incidents, minimizing customer impact from necessary containment measures.