Amex Customer Data Exposed in Third-Party Breach

The breach occurred through a third-party service provider frequently used by the company’s travel services division.
March 4, 2024
American Express is notifying its customers that their credit cards were exposed in a breach involving a third-party service provider.
In a data breach notification filed with the state of Massachusetts, the American bank holding and financial services company notes that its own systems were not compromised by the incident. 
The breach instead occurred through a provider frequently used by the company's travel services division.
Credit card information such as American Express card account numbers, names, and expiration dates is at risk, and users should expect follow-up contact from the company if they have more than one American Express card involved in the breach.
Anyone who has been potentially affected should review their accounts for fraudulent activity periodically over the next 12 to 24 months. Users should also enable notifications from the American Express Mobile app to stay up to date with their account activity. 
"The recent data breach impacting American Express customers, coming just weeks after similar incidents at Bank of America, underscores the critical need for organizations to hold their service providers accountable for data security," said Liat Hayun, CEO and co-founder of Eureka Security, in an emailed statement. "Lessons from past breaches highlight the importance of robust access controls, as this incident likely stemmed from unauthorized system access."
The Bank of America breach that Hayun referred to was a leak that occurred just last month after a ransomware attack breached one of its third-party providers, Infosys McCamish Systems (IMS), affecting at least 57,028 customers. Though IMS reported that it would not be able to determine with certainty precisely what information was compromised, it likely included sensitive material such as Social Security numbers, names, addresses, dates of birth, and other private information.
American Express has provided tips in its letter to users on protecting their information and assures them that, should they find fraudulent activity on their accounts, they will not be held liable for those charges.
Kristina Beek, Associate Editor, Dark Reading
