American Express customers’ data compromised as hackers hit a third-party service provider
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
American Express recently started sending warnings to its customers, notifying them that their account information may have been compromised in a recent hacking attack. The attack did not target American Express itself, but a third-party service provider that the company works with.
American Express credit cards exposed in vendor data breach#DataBreachhttps://t.co/m8NGREXiIv
— HackManac (@H4ckManac) March 5, 2024
What happened?
A data breach notification that the firm filed with the state of Massachusetts confirmed that the hacking attack did happen. The hackers targeted a service provider used by American Express’ travel services division, American Express Travel Related Services Company.
According to the firm, details like account numbers, expiration dates, and customer names, may have been compromised in the data breach. The company urged its customers to review their account statements as quickly as possible.
It also added that card members will not be liable for any fraudulent charges. However, the company did not say how many of its customers were affected, or the identity of the third-party service provider that was compromised. In fact, American Express did not even reveal when the attack took place.
For the moment, most details about the attack remain unknown. It is not known who was behind it, when the breach took place, or whether it was detected and interrupted in time to minimize the damage.
It is also important to note that the financial services and credit card giant filed a breach notification letter as a “precautionary measure.” The notification was filed yesterday, March 4, with the Massachusetts State Attorney General’s Office.
American Express claims it was a point-of-sale attack
American Express’ spokesperson addressed the matter, telling media outlets that “the incident was not caused by a data breach” at the company of any of its service providers. Instead, it was caused by a point-of-sale attack at a merchant processor in which American Express Card member data was impacted.
American Express added: “Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible.” This is why affected members will not be liable for fraudulent charges on their accounts, and why the company plans to take protective actions if it detects unusual activity in affected accounts.
“We have sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspicious activity.”
While this is a significant breach, Eureka Security’s co-founder and CEO, Liat Hayun, pointed out that it might not be an isolated incident. In fact, he stressed that a similar incident happened at Bank of America only a few weeks earlier. “This incident likely stemming from unauthorized system access… underscores the critical need for organizations to hold their service providers accountable for data security,” he said.
