A Register reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant's customer records was vulnerable to plundering, and hackers were quick to oblige.
According to the letter, the storage archive contained customers' contact details, bank names, Western Union internal customer ID numbers, as well as transaction amounts, times and identification numbers. Credit card data was definitely not taken, it stressed.
The red-faced biz was quick to point out that none of its internal payment or financial systems were affected in the attack. It also isn’t saying who the third-party storage supplier was, giving other customers of the slovenly provider time to check whether or not they have been hacked too.
Western Union says that, so far, it isn't aware of any fraudulent activity stemming from the data security cockup, but just to be on the safe side it is enrolling affected customers in a year of free identity-fraud protection.
Source: While Western Union wired customers’ money, hackers transferred their personal deets • The Register