Cyber Incident Victim: Western Union

In January 2018, Western Union began notifying customers of a data breach involving unauthorized access to their personal information. The incident stemmed from a computer intrusion targeting an external vendor system previously used by the company for secure data storage. Western Union clarified that the breach occurred at this unnamed third-party storage provider, not within its own infrastructure. Customer records stored on the vendor’s compromised systems were exposed, though the company did not publicly specify the exact types of data affected or the number of impacted individuals. The breach discovery timeline and intrusion methods were not detailed in notifications. Western Union’s communications to affected customers, sent the prior month, emphasized that its internal systems remained uncompromised and operational.

The company attributed full responsibility for the incident to the unnamed storage firm, citing the breach as a result of the vendor’s security failure. Western Union disclosed no technical specifics about the attacker’s identity, motives, or exfiltration methods. In response, it terminated its relationship with the affected vendor and initiated an investigation to assess the scope of exposed data. Affected customers were offered complimentary credit monitoring services as a precautionary measure. The breach did not disrupt Western Union’s financial transactions or its publicized plans to test Ripple-based transactions and pursue sales growth in 2018. No operational outages, financial losses, or regulatory penalties linked to the incident were reported in available disclosures.