American Express has informed its customers about a data breach that occurred at a third-party service provider utilized by several merchants.
In a Notice of Data Breach filed recently with the Massachusetts Office of Consumer Affairs and Business Regulation, American Express stated that an unidentified service provider had encountered unauthorized access to its system, potentially compromising the account details of certain American Express cardholders.
Data Breach Notice: ‘Card Information May Have Been Compromised’
American Express told its affected customers:
- Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.
- At this time, we have been informed that your current or previously issued American Express Card account number, your name and other Card information such as the expiration date, may have been compromised. Please be aware that you may receive additional letters from us if more than one of your American Express Card accounts were involved.
Extent Of Data Breach Still Unknown
American Express has chosen not to reveal the number of individuals potentially affected or the extent of the data breach in response to CBS News’ request for additional information. The company clarified that the incident took place at a merchant processor and was not a direct attack on American Express or any of its service providers, contrary to some media reports.
Following the impact on customer data, American Express promptly notified both Massachusetts authorities and affected customers residing in the state, as stated by a spokesperson in an email to the news outlet. The spokesperson emphasized the presence of advanced monitoring systems and internal security measures to identify and address any suspicious or fraudulent activities, with proactive measures taken in case of any unusual behavior.
Banking And Financial Institutions Must Act Now
“This data breach potentially compromising the account details of certain American Express cardholders is a call for banking and financial institutions to act now,” said Jeremy Greenwood, Enterprise Global Sales Lead, SentryBay. “It’s imperative to use multiple fail safes to protect customer account details from data theft. SentryBay’s patented Armored Client endpoint access isolation technology takes the assumption that a device is already compromised and actively protects credentials and data no matter the strength or weakness of the password. SentryBay is a critical component of any financial enterprise’s security stack to supplement or supersede traditional credential protections.”
