The money-transferring company first learned of the hacking Friday. A Western Union spokesman said the vulnerability was caused when "performance management files" were left open on the site during routine maintenance, allowing the hacker access. He did not know when the maintenance began or how long the site had been left unprotected.
"We are still in the due diligence period," said Peter Ziverts, a spokesman for the Englewood, Colo.-based company. "But this wasn't an architectural problem; this was due to human error."
Ziverts said that he did not know how long the site would be out of service, indicating that it would be "at least a few days."
Company representatives began contacting customers during the weekend via email and telephone.
One customer reported learning of the hacking from an answering machine message left by someone identifying himself as a Western Union president.
"Sounds like a big (mistake) on someone's part at a site you'd expect to be locked down tight," the customer said.
Western Union, a subsidiary of First Data, said no instances of credit card fraud had been reported to the company.
As CNET News.com reported earlier, American Express announced last week that it will offer disposable credit card numbers for safer online shopping, part of a bid to address privacy and security issues analysts say have slowed the growth of e-commerce.
Online money transfer accounts for an "absolutely minuscule" portion of the company's total transactions, Ziverts said. He would not say how much online business the company has lost because of the problem.
The main page of the company's Web site was replaced this weekend with a message saying the site was out of service. The message also directed customers to call a toll-free number to reach a company agent.
The company is investigating the breach, but Ziverts declined to provide further details about the probe or to say what agencies were involved.
The Associated Press contributed to this report.