ABSTRACT
MoneyGram International, Inc. is an American interstate and international peer-to-peer payments and money transfer company based out of Dallas, Texas. The company provides its services to individuals and businesses in more than 200 countries and territories with a global network of about 347,000 agent offices. These transfer services are commonly used by migrant workers in the U.S. and other countries to share money with family and friends in their home countries. India and Mexico are the biggest receivers of such transfers, according to the Federal Reserve Bank of Dallas.

On 27th September 2024, MoneyGram confirmed a significant data breach that occurred between September 20th and 22nd, 2024. During this incident, MoneyGram experienced a five-day outage, which affected millions of customers who reported service disruptions across various social media platforms. The company later identified and confirmed the incident as a “Cybersecurity issue” and, according to MoneyGram, resumed services on 26th September 2024 only after taking extensive precautionary measures.
This breach resulted in the unauthorized access and theft of customer data, including personal information and transaction details. The compromised data includes sensitive customer information: transaction information, email addresses, postal addresses, names, phone numbers, utility bills, and government IDs, including Social Security numbers. This information may be leveraged to craft effective follow-up phishing attacks or to perpetrate identity theft and fraud attempts. Despite speculation regarding a ransomware attack, MoneyGram has officially denied these claims, asserting, “At this time, we have no evidence that this issue involves ransomware.” However, beneath this reassurance lies a more concerning narrative associated with a hacker collective known as Scattered Spider. The attack involved sophisticated social engineering tactics, which allowed the hackers to manipulate the internal helpdesk into revealing sensitive information.
In response to the breach, MoneyGram, alongside investigative authorities, initiated a comprehensive investigation with support from cybersecurity experts and in coordination with law enforcement. The company committed to offering affected U.S. customers two years of free identity protection and credit monitoring services to help them safeguard their personal data and reduce the risks associated with the breach.
TACTICS, TECHNIQUE AND PROCEDURE (TTP)
EXPERT’S ADVICE
Financial organizations need to ensure the following:
- Strengthen employee cybersecurity awareness training so that staff can detect possible social engineering tactics and respond appropriately to potential phishing and impersonation attempts
- Implement a strong password policy to reduce the risk of credential compromise
- Implement Role-Based Access Control (RBAC) strategies and Multi-Factor Authentication (MFA)
- Implement DLP (Data Loss Prevention) for endpoints, networks, and cloud security to prevent transfer of sensitive data over unencrypted channels and unknown sources
- Ensure compliance requirements are met, e.g. GDPR, GLBA
- Set up a strong, tested Incident Response and Recovery Plan
- Implement real-time monitoring and threat detection with an in-house or third-party SOC
- Have a third-party vendor perform security assessments to uncover any potential misconfigurations, loopholes and vulnerabilities in the existing systems, including applications and the underlying network
REFERENCES
https://www.moneygram.com/mgo/us/en/notification/notice/
https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know
https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act
GLOSSARY
- Tactics, Techniques and Procedures (TTP) – Describes the behavior of a threat actor and a structured framework for executing a cyberattack
- Phishing – A type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source
- Social Engineering – A method of exploiting human psychology to manipulate individuals into disclosing sensitive information or granting unauthorized access to systems
- GDPR – General Data Protection Regulation
- GLBA – Gramm-Leach-Bliley Act