Security

Everything we know about the MoneyGram breach

Another day, another massive data breach. This time, it’s MoneyGram, a global mega-company that handles money transfers, bill pay and other financial services. They have digital platforms and retail locations, and they even power Walmart’s money-transfer service.

There’s no formal statement yet on exactly how many people were impacted, but we do know MoneyGram has over 150 million customers worldwide.

The whole shebang, exposed

In their official statement, MoneyGram says an unauthorized third party (aka a vendor, hacker or group of hackers) accessed and acquired a ton of personal info between Sept. 20 and Sept. 22. MoneyGram didn’t discover the break-in until about a week later, on Sept. 27.

MoneyGram says the following types of customer data have been compromised:

Social Security numbers and government ID documents
Contact information, including email, addresses and phone numbers
Birthdates
Bank account numbers
Utility bills
MoneyGram Plus Rewards information and transaction information
Criminal investigation information (like fraud) for “a limited number of consumers”

MoneyGram is working with external cybersecurity experts and law enforcement. It generally takes a few weeks or even months to discover the full extent of breaches like this and all those impacted. In the meantime, they’re providing customers with free identity protection and credit monitoring services for two years.

Whenever a big breach like this happens …

… It’s always a good idea to take a proactive approach with your credit file. If you’ve used MoneyGram before, place a security freeze on your credit report with each of the three major credit reporting agencies. Here’s how:

Equifax: Visit Equifax.com and follow the steps to freeze online. By phone, call 1‑888‑298‑0045. For snail-mail requests: Print this and mail it to Equifax Information Services LLC, P.O. Box 105788, Atlanta, GA 30348‑5788.
Experian: To do it online, visit the Experian Freeze Center. By phone, call 1‑888‑EXPERIAN (1‑888‑397‑3742), or submit your request in writing to Experian Security Freeze, P.O. Box 9554, Allen, TX 75013.
TransUnion: Add a freeze online on the TransUnion website. Call 1‑888‑916‑8800, or mail TransUnion, P.O. Box 160, Woodlyn, PA 19094.

Once you’ve placed the freeze, you’ll get a personal identification number or password to temporarily lift or remove the freeze. Make sure you keep this info in a safe place.

And there’s a fourth credit reporting agency now

Continue reading →

🚨 Bad apples? More like bad apps: In just one year, more than 200 malware-infected apps in the Google Play Store racked up millions of downloads. Many were disguised as tools or photography, personalization, productivity or lifestyle apps. Before you download an app, always check its reviews and beware of suspicious permissions, like a photo app asking for access to your messages.

600 million cyberattacks

Target Windows every single day. Microsoft’s latest report with all the gory details says more than 99% of attacks go after your passwords. Antivirus software is a must, folks.

⚠️ Use Windows Enterprise software? There’s a critical vulnerability rated 9.8 out of 10 (really bad) in Microsoft Configuration Manager. CVE-2024-43468 is extremely dangerous, allowing hackers to take control of your system and network remotely. You can’t fix this with a normal patch; it requires an in-console update inside the Configuration Manager. Full steps here.

🚨 Gmail scam spreading: This is frightening. Watch out for fake Gmail account recovery request notifications that look like the real deal. Hackers try to convince you to sign in through a phony login page, where they can then capture your password. Ignore or decline the request and they’ll follow up with an AI-generated Google support call in which the caller claims someone has accessed your account and stolen your data. Ignore that, too. Pass this on so everyone knows this is happening.

Another day, another scam: Fraudsters are pretending to be mortgage providers, saying your home warranty needs to be renewed. Look for the telltale sign at the bottom of mailed notices in tiny little letters: “We are not affiliated with your current mortgage.”

🚨 Data disaster: Archive.org, the internet’s digital library, just suffered a massive breach, leaking 31 million records — emails, addresses, screen names and hashed passwords. The site claims a DDoS attack, but reports confirm it was actually hacked. The cherry on top? Hackers temporarily posted on the homepage, “See 31 million of you on HIBP!” That’s Have I Been Pwned.

“Text pesting”: That’s the name for a disturbing type of harassment an estimated one-third of young women deal with regularly. Creeps use the contact info from a professional interaction, like an Instacart delivery or rideshare, to send unwanted sexual messages. Take Millie, who got, “I can’t wait to pick you up and see your beautiful face again, I long for you” from a driver.

😡 Frustration overload: This summer’s National Public Data hack leaked the personal details of 2.9 billion people. Now, the company’s drowning in class-action lawsuits and might be stuck paying for credit monitoring. No surprise, they just filed for bankruptcy, claiming only a few thousand dollars in assets. How convenient.

🤖 Tough decisions: Should AI weapons be fully autonomous and allowed to make deadly decisions? The big fear is that enemy states like China may go all in on AI weapons first, while the U.S. still needs someone to press a button each time to fire. FYI: While the U.S. military doesn’t buy fully autonomous weapons yet, companies here aren’t banned from making or selling them.

Sucking up dirt: A prankster is targeting Chinese-made robot vacuums inside American homes. A Minnesota lawyer’s Ecovacs Deebot X2 app showed someone accessing the live camera feed, then racial slurs and a few f-bombs blasted through the speaker. In Los Angeles, another vacuum chased an owner’s dog. Ecovacs says to change your password. I say you should do a factory reset and toss your Ecovacs. This Roomba is on sale.

We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.

Toss porch pirates overboard: Nationwide, thieves are nabbing expensive new iPhones just seconds after they’re dropped off. AT&T sends theirs via FedEx and usually doesn’t require a signature for deliveries, so they’re the biggest target. If you’re ordering an iPhone, pick it up in-store or get a lockable porch box and video doorbell.

We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.

Microsoft’s latest update is a mess: During installation, Windows 11 24H2 creates a 9GB temporary cache folder that can’t be deleted. Tools like Disk Cleanup don’t do anything. Microsoft is working on a patch. I’ll let you know when it rolls out.

📉 Watch the kiddos: Roblox stock dropped 9% after claims surfaced that the online game platform is a “pedophile hellscape.” Kids are being exposed to grooming, p*rn, violence and abusive language. Games kids can join include “Escape to Epstein Island” and “Run from Diddy Simulator.” Awful.

🚨 Fidelity Investments got hacked: No details yet on what personal data was leaked from 77,000 customers, but Fidelity says funds weren’t accessed. Hackers got in using two newly created customer accounts. I’ll bet you $10 that the number of customers affected is much, much higher. Change your passwords.

You can’t spell “crypto” without “C-R-Y”: The FBI created a fake cryptocurrency to nail pump-and-dump fraudsters. That’s where they inflate a crypto’s price with phony trades, convince others to buy, then cash out before the crash. The FBI set up a slick website, and shady companies took the bait. Now, 18 people and companies face fraud and market manipulation charges. But there are thousands more out there.

🔄 Patch Tuesday: Microsoft just dropped fixes for 118 security flaws, including five zero-day vulnerabilities. These bugs let hackers bypass security features, execute malicious code remotely and take control of your system — all bad stuff. Go to Start > Settings > Update & Security > Windows Update, then click Check for updates.

$4 smart remote

Temu is selling a knockoff remote that works with Amazon’s Fire TV. What a bargain … for something that could be listening and sending everything you do back to Communist China. Stay away.

MoneyGram data breach: Over 150 million customers were exposed. We’re talking names, addresses, IDs, bank account numbers, the whole nine yards. How’d they do it? Someone pretended to work there and got in. If you’re affected, expect to get a notice offering two years of free identity protection and credit monitoring services.

💦 Hackers targeted the largest water company in the U.S.: American Water, serving 14 million people in 14 states, shut down certain systems and paused operations when they realized hackers were inside. No word yet on what the hackers were doing in there. I’m sure they were thirsty for corporate secrets and how to take them down. This is why I keep gallons of water at home, just in case.