science

American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack


  •  Names, account numbers and card expiration dates were accessed in the hack
  • American Express told customers they are not liable for fraudulent charges
  • READ MORE:  Here’s how credit card information is sold for on the dark web

American Express is alerting customers about a data breach in which hackers accessed personal credit card information through a third-party vendor.

Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised, the financial service company shared in a letter filed with the state of Massachusetts.

The incident occurred at a service provider that uses American Express Travel Service, which lets customers book flights, hotels and other reservations using an online portal.

American Express is urging all cardholders to check their statements and alert the company if fraudulent charges have occurred.

Account numbers, names and other credit card information such as the expiration date of ¿some customers¿ have been compromised

Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised

Anneke Covell, chief privacy officer, wrote: ‘We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system.

Readers Also Like:  Scientists Discover Simple Way to Boost the Effectiveness of ... - SciTechDaily

‘It is important to note that American Express-owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.’

The letter does not detail the number of people impacted or when the incident occurred. 

Gerilyn Cammaroto, vice president of American Express’s communications, told DailyMail.com: ‘This incident was not caused by a data breach at American Express or at a service provider of American Express. 

‘This incident resulted from a point of sale attack at a merchant processor in which American Express Card member data was impacted. 

‘A courtesy notice of this incident was provided to the Massachusetts regulators due to impacts to American Express Card Members residing in Massachusetts.’

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards. 

‘At this time, we have been informed that your current or previously issued American Express Card account number, your name and other Card information such as the expiration date, may have been compromised,’ reads the notification signed by Covell.

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards

American Express told BleepingComputer that it has filed the proper notification with regulatory authorities following the hack.

‘When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required,’ American Express told BleepingComputer.

‘We also work to identify impacted customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.

Readers Also Like:  Feature Article: New Geo-Tracking Buoys Make a Splash During Live Test Events - Homeland Security

The financial company did note in the letter that customers who were part of the breach are ‘ not liable for fraudulent charges’ made with their credit cards.

To check if your American Express card may have been compromised, users are urged to log in to their accounts to look for unusual charges and to activate notifications to stay updated with information about the breach.

The incident comes less than two years of another that impacted 1.2 million customers who had their card number, expiration data, CCV, telephone number, address, social security number and other personal data stolen.

American Express said the 2022 breach was deployed by a third-party merchant, which allowed the sensitive information to leak onto the dark web. 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.