BY YALMAN ONARAN and ELIZABETH HESTER
Jan. 13, 2007
MoneyGram International Inc., which wires money and provides electronic
bill paying, said Friday computer hackers may have stolen personal data
on about 79,000 customers.
A computer server was "unlawfully accessed via the Internet" last month,
St. Louis Park-based MoneyGram said in a statement. The company said it
doesn't know whether hackers actually compromised any customer
information, which included names, addresses, phone numbers, biller
account numbers and some bank accounts.
"It was an isolated incident involving only those consumers who made
payments to a single biller," Vicki Keller, vice president of MoneyGram
Global Payment Services, said in the statement. MoneyGram didn't
identify the company to which the bills were paid.
Social Security numbers, driver's licenses and state identification
numbers prime targets of identity thieves weren't involved, the company
said. A server is a device at the center of a computer network that
helps store or distribute information and other resources to individual
State and federal rules require notification to customers whose
information may have been stolen, MoneyGram said. It's offering them a
free one-year subscription to a credit monitoring service, and said law
enforcement agencies were notified.
The breach involved one biller out of 15,000 and affected consumers
across the country, said Cathy Rebuffoni, a MoneyGram spokeswoman.
MoneyGram handles money transfers, money orders and payment processing
in 170 countries at 104,000 locations including Wal-Mart Stores, the
company said. Many customers don't have checking accounts, or any bank
accounts at all, said its annual report.
There were 255,565 identity-theft complaints reported in 2005, up 3.5
percent from the year earlier, according to a study by the Federal Trade
Commission. About a fourth of the stolen information was used for
Rob Scott, managing partner of Dallas-based Scott & Scott LLP, which
advises companies on ways to respond to network security breaches, said
companies can face both loss of business and lawsuits from consumers if
personal information isn't protected properly.
"It's certainly bad for business," said Scott, who isn't involved with
MoneyGram. "You're going to suffer some significant economic damages."
He added companies can magnify the damage by reporting a breach even
when they don't have to.
MoneyGram's shares fell 26 cents, or 0.9 percent, to $29.16 Friday.
Subscribe to InfoSec News