MoneyGram has confirmed that the cyberattack that knocked out its service for several days last month saw crooks steal customer data, including bank account numbers.
In late September MoneyGram was forced to take systems offline in response to a "cybersecurity issue". Now, the company says it has determined that an unauthorised third party accessed and acquired personal information of "certain consumers".
That information includes names, contact information, dates of birth, national identification numbers, copies of government-issued identification documents, other identification documents such as utility bills, bank account numbers, MoneyGram Plus Rewards numbers, transaction information and, for a limited number of consumers, and criminal investigation information.
Customers are advised to "remain vigilant" while some are being offered identity monitoring services for two years at no cost.
MoneyGram is the world's second-largest money transfer operator, with more than 50 million users who send more than $200 billion a year.
The attack has already cost the US firm business, with the UK's Post Office deciding not to renew a long-term deal.