Money transfer company MoneyGram has notified its customers of a data breach in which it says certain customers had their personal information taken between September 20 and 22, 2024.The investigation into the incident that was discovered on September 27 is still ongoing, and the number of impacted customers remains unclear.Initial investigations show the type of information stolen varies between different individuals, but may include:- Names- Contact information (phone number, email, physical address)- Date of birth- Social Security Numbers- Government-issued identification documents (e.g. driver’s licenses)- Other identification documents (e.g. utility bills)- Bank account numbers- MoneyGram Plus Rewards numbers- Transaction information (such as dates and amounts of transactions)- Criminal investigation information (such as fraud)MoneyGram says that only a limited number of customers’ Social Security numbers and criminal investigation information was taken.At the time, MoneyGram announced on X that it had taken certain systems offline temporarily to avoid any further compromise. That left a large number of worried customers trying to send money abroad to their relatives.The outage also affected MoneyGram partners, including the Bank of Jamaica and the UK’s Post Office. The UK’s Information Commissioner’s Office (ICO) confirmed to TechCrunch that the watchdog had received a report from MoneyGram.“We have received a report from MoneyGram and will be making enquiries.”MoneyGram recommends that its customers remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports.If you are in the US and would like to check your credit report, you are entitled under US law to one free credit report annually from each of the three nationwide consumer reporting agencies. MoneyGram has arranged to offer affected US consumers identity protection and credit monitoring services for two years at no cost. Its US Reference Guide provides information on activation of the services.MoneyGram says there is no evidence that a ransomware group is behind the incident. As always, we will keep you posted about where the information shows up and what the consequences for impacted customers might be.