American Express credit cards exposed in vendor data breach


 American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked.

In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.

“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system,” explains the data breach notification.

“Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”

The breach has led to customers’ American Express Card account numbers, names, and card expiration data being accessed by the hackers. 

It is unclear how many customers were impacted, what service provider was breached, and when the attack occurred.

When BleepingComputer asked American Express for more information about the breach, we were told that they do not disclose details of their business relationships and merchant partners and had no further information to share at this time.

However, American Express did say that they have notified the required regulatory authorities and are alerting impacted customers.

“When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required,” American Express told BleepingComputer.

“We also work to identify impacted customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.

Furthermore, if a cardmember’s credit card is used to make fraudulent purchases, American Express told BleepingComputer that customers would not be responsible for the charges.

American Express advises customers to review their account statement over the next 12 to 24 months and report any suspicious behavior.

The company also suggests customers enable instant notifications via the American Express mobile app to receive notifications about fraud alerts and when purchases are made.

Finally, if your card information was stolen, you may want to consider requesting a new card number, as it is common for threat actors to sell stolen credit cards on cybercrime marketplaces.



Source link