American Express Credit Cards Vulnerable in Alarming Third-Party Data Breach

3/4/24: Article updated with further clarification from American Express that it was a merchant processor who was hacked, not one of their service providers.

Did you hear about the recent data breach involving American Express? Don’t worry; it wasn’t a direct breach on their systems. Instead, a third-party merchant processor was hacked, leading to the exposure of some American Express customers’ credit card information.

A Closer Look at What Happened

This incident didn’t occur due to a security breach at American Express itself. Rather, it happened at a merchant processor where American Express card member data was being processed. In a data breach notification filed with the state of Massachusetts under “American Express Travel Related Services Company,” the company warned customers that their credit card details may have been compromised.

The notification explains, “We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” It goes on to emphasize that American Express’s owned or controlled systems were not compromised by this incident, and the notice is being provided as a precautionary measure.

As a result of the breach, hackers managed to access customers’ American Express card account numbers, names, and card expiration data.

What We Don’t Know

At the moment, there’s no information on how many customers were impacted, which merchant processor was breached, and when the attack occurred. When we asked American Express for more information about the breach, they stated that they don’t disclose details of their business relationships and merchant partners, and had no further information to share at this time.

However, American Express did confirm that they have notified the required regulatory authorities and are alerting impacted customers. “When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required,” said the company.

Protecting Customers

American Express assures customers that if their credit card is used for fraudulent purchases due to this breach, they won’t be held responsible for the charges. They advise customers to review their account statements over the next 12 to 24 months and report any suspicious activity.

Additionally, they suggest customers enable instant notifications via the American Express mobile app to receive alerts about potential fraud and purchase notifications. Lastly, if you believe your card information was stolen, it’s a good idea to consider requesting a new card number, as cybercriminals often sell stolen credit card information on underground marketplaces.

Stay Informed and Stay Safe

While it’s concerning to hear about data breaches like this, it’s essential to stay informed and take necessary precautions to protect your personal and financial information. Keep an eye on your accounts, enable notifications, and don’t hesitate to take action if you suspect any fraudulent activity.

Remember, we’re here to help keep you informed and educated about cybersecurity threats like these. Don’t hesitate to contact us for more information, and be sure to keep coming back to learn more about the latest in cybersecurity news.