- Names, account numbers and card expiration dates were accessed in the hack
- American Express told customers they are not liable for fraudulent charges
- READ MORE: Here’s how credit card information is sold for on the dark web
American Express is alerting customers about a data breach in which hackers accessed personal credit card information through a third-party vendor.
Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised, the financial service company shared in a letter filed with the state of Massachusetts.
The incident occurred at a service provider that uses American Express Travel Service, which lets customers book flights, hotels and other reservations using an online portal.
American Express is urging all cardholders to check their statements and alert the company if fraudulent charges have occurred.
Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised
Anneke Covell, chief privacy officer, wrote: ‘We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system.
‘It is important to note that American Express-owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.’
The letter does not detail the number of people impacted or when the incident occurred.
Gerilyn Cammaroto, vice president of American Express’s communications, told DailyMail.com: ‘This incident was not caused by a data breach at American Express or at a service provider of American Express.
‘This incident resulted from a point of sale attack at a merchant processor in which American Express Card member data was impacted.
‘A courtesy notice of this incident was provided to the Massachusetts regulators due to impacts to American Express Card Members residing in Massachusetts.’
While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards.
‘At this time, we have been informed that your current or previously issued American Express Card account number, your name and other Card information such as the expiration date, may have been compromised,’ reads the notification signed by Covell.
While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards
American Express told BleepingComputer that it has filed the proper notification with regulatory authorities following the hack.
‘When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required,’ American Express told BleepingComputer.
‘We also work to identify impacted customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.
The financial company did note in the letter that customers who were part of the breach are ‘ not liable for fraudulent charges’ made with their credit cards.
To check if your American Express card may have been compromised, users are urged to log in to their accounts to look for unusual charges and to activate notifications to stay updated with information about the breach.
The incident comes less than two years of another that impacted 1.2 million customers who had their card number, expiration data, CCV, telephone number, address, social security number and other personal data stolen.
American Express said the 2022 breach was deployed by a third-party merchant, which allowed the sensitive information to leak onto the dark web.