U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers’ personal information and transaction data during a cyberattack last month.
The company said in a statement Monday that an unauthorized third party “accessed and acquired” customer data during the cyberattack on September 20. The cyberattack — the nature of which remains unknown — sparked a week-long outage that resulted in the company’s website and app falling offline.
MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.
In its statement Monday, MoneyGram said its investigation is in its “early stages” and is working to determine which consumers were affected by this issue. The company did not say how many customers might be affected, and a MoneyGram spokesperson did not immediately respond to a request for comment.
The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a “limited number” of Social Security numbers, and government identification documents, such as driver’s licenses, and other documents that contain personal information, like utility bills, and bank account numbers. MoneyGram said the types of stolen data will vary by individual.
MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, “for a limited number of consumers, criminal investigation information (such as fraud).”
TechCrunch previously reported that MoneyGram had subsequently notified U.K. data protection regulators of a data breach as required under U.K. law.