As of today, MoneyGram services are no longer available in thousands of Post Office branches due to the cancellation of their contract renewal following a significant cyber security incident.
A new agreement was supposed to start this week, but the recent major cyber security breach at MoneyGram has led the Post Office to seek more assurances from the US-based money transfer company, resulting in the termination of the negotiations. On Monday, September 30, the Post Office notified its branches that the contract with MoneyGram would end at midnight.
MoneyGram provides financial services such as money transfers, bill payments, and cryptocurrency trading. However, it was compelled to suspend its services due to the ongoing cyber security issue which first emerged on Friday, September 20, when customers began reporting problems. Initially, these issues were attributed to a network outage affecting connectivity.
Currently, MoneyGram services remain unavailable across numerous Post Office locations in the UK, as the organization aims to fully understand the protective measures that MoneyGram has implemented in response to the incident. Just before the cyber incident, the companies were close to finalizing a new contract. The Post Office informed its subpostmasters that negotiations, which started in June, were in the final stages with expectations to establish a new agreement effective October 1, 2024.
In an effort to facilitate the service renewal process, the Post Office offered a shorter contract extension, allowing both parties to assess any long-term implications of the cyber event for customers, subpostmasters, and partners. However, MoneyGram declined this offer, leading to the contract’s termination. The Post Office expressed regret for the one-day notice given to subpostmasters.
Despite this setback, the Post Office remains open to future collaboration, stating, “We are still committed to exploring ways to continue our partnership, and discussions with MoneyGram are ongoing. We will inform you immediately of any updates.”
The Post Office had previously offered three MoneyGram services: MG Send, MG Receive, and MG Cancellations. They confirmed that all transactions completed at Post Office branches before MoneyGram’s system went offline on September 20 were processed successfully.
Akhil Mittal, a senior security consulting manager at the Synopsys Software Integrity Group, noted that money transfer services present attractive targets for cybercriminals due to the considerable amounts of digital cash and sensitive information they manage. Therefore, the fact that MoneyGram was targeted comes as no surprise.
Mittal emphasized the challenge of balancing security with operational continuity, stating, “By taking services offline, MoneyGram prioritized security, highlighting a common dilemma in the financial sector: how to safeguard sensitive data without disrupting business operations. Are companies prepared to meet this challenge?”