[ISN] Breach affects 79,000 MoneyGram accounts

From: InfoSec News (alerts@private)
Date: Sun Jan 14 2007 - 22:30:20 PST


Bloomberg News
Jan. 13, 2007

MoneyGram International Inc., which wires money and provides electronic 
bill paying, said Friday computer hackers may have stolen personal data 
on about 79,000 customers.

A computer server was "unlawfully accessed via the Internet" last month, 
St. Louis Park-based MoneyGram said in a statement. The company said it 
doesn't know whether hackers actually compromised any customer 
information, which included names, addresses, phone numbers, biller 
account numbers and some bank accounts.

"It was an isolated incident involving only those consumers who made 
payments to a single biller," Vicki Keller, vice president of MoneyGram 
Global Payment Services, said in the statement. MoneyGram didn't 
identify the company to which the bills were paid.

Social Security numbers, driver's licenses and state identification 
numbers prime targets of identity thieves weren't involved, the company 
said. A server is a device at the center of a computer network that 
helps store or distribute information and other resources to individual 

State and federal rules require notification to customers whose 
information may have been stolen, MoneyGram said. It's offering them a 
free one-year subscription to a credit monitoring service, and said law 
enforcement agencies were notified.

The breach involved one biller out of 15,000 and affected consumers 
across the country, said Cathy Rebuffoni, a MoneyGram spokeswoman.

MoneyGram handles money transfers, money orders and payment processing 
in 170 countries at 104,000 locations including Wal-Mart Stores, the 
company said. Many customers don't have checking accounts, or any bank 
accounts at all, said its annual report.

There were 255,565 identity-theft complaints reported in 2005, up 3.5 
percent from the year earlier, according to a study by the Federal Trade 
Commission. About a fourth of the stolen information was used for 
credit-card fraud.

Rob Scott, managing partner of Dallas-based Scott & Scott LLP, which 
advises companies on ways to respond to network security breaches, said 
companies can face both loss of business and lawsuits from consumers if 
personal information isn't protected properly.

"It's certainly bad for business," said Scott, who isn't involved with 
MoneyGram. "You're going to suffer some significant economic damages." 
He added companies can magnify the damage by reporting a breach even 
when they don't have to.

MoneyGram's shares fell 26 cents, or 0.9 percent, to $29.16 Friday.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Sun Jan 14 2007 - 22:38:43 PST