MoneyGram has notified users of a data breach, and initial details suggest the breach is is about as bad as it could possibly be.

MoneyGram issues a notice on Monday of a data breach. On September 27, 2024, the company discovered “that an unauthorized third party” had access the company’s systems between September 20 and 22. The company detailed the data that was stolen and—spoiler alert—it’s worst-case scenario.

The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud). The types of impacted information varied by affected individual.

The company says it has already taken certain system offline, which is temporarily impacting its ability to serve its customers. MoneyGram is also working with law enforcement and cybersecurity experts.

In the meantime, MoneyGram recommends users “remain vigilant” to potential fallout from the breach.

We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your free credit reports. If you are in the U.S. and would like to check your credit report, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. U.S. residents can order a free credit report by visiting www.annualcreditreport.com or calling toll-free at 1-877-322-8228. The U.S. Reference Guide provides recommendations by the U.S. Federal Trade Commission on the protection of personal information. We also recommend that you remain alert for unsolicited communications involving your personal information.

MoneyGram is also offering impacted US customers identity and credit monitoring services, free of cost for two years.

In terms of data breaches, this one takes the cake, in terms of the impact it could have on consumers. Names, dates of birth, Social Security Numbers, government-issued IDs, bank account info, and transaction data give bad actors everything they need to open fraudulent accounts, not to mention gain access to existing accounts.

Only time will tell how such a devastating data breach occurred, but it’s safe to say this one is going to haunt MoneyGram and its customers for a long time.