Western Union disclosed in early 2018 that customer information had been accessed without authorization through a computer intrusion targeting an external vendor system formerly used by Western Union for secure data storage. The company sent notification letters to affected customers dated January 31, 2018, and the breach was publicly reported by The Register on February 13, 2018. The compromised archive contained customer contact information, bank names, Western Union internal customer ID numbers, transaction amounts, transaction times, and other identification numbers. Western Union stated that no financial information, credit card data, or internal payment systems were affected in the attack. The company did not disclose the name of the third-party storage vendor involved nor the total number of customers affected. In response, Western Union promptly migrated its external secure storage to a different vendor’s system, notified law enforcement, and cooperated actively with the investigation. Affected customers were enrolled in one year of complimentary identity-fraud protection services. The incident highlighted the risks organizations face when entrusting sensitive customer data to third-party storage providers, particularly legacy or formerly-used systems that may not receive the same security attention as active infrastructure. The breach came during a period of heightened scrutiny of third-party vendor security practices across the financial services industry. Western Union, which processes billions of dollars in money transfers annually and serves customers in over 200 countries, faced questions about its vendor oversight and data retention practices for archived customer records stored with external providers.