American Express admits card data exposed and blames third party

Don't leave home without … IT security

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.

"We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

"Your current or previously issued American Express card account number, your name, and other card information such as the expiration date, may have been compromised. It is important to note that American Express owned or controlled systems were not compromised by this incident."

The US state of Massachusetts disclosed [PDF] the blunder as part of its rules on publicizing privacy breaches.

It's worth noting American Express has appeared in Massachusetts' reports of data leakage a total of 16 times so far this year, with the other incidents mostly only covering a few (read: single digit) MA residents.

Notification letters for those dozen or so screw-ups state that individual merchants were compromised, exposing their customer records, or that Amex customer data was found online during a law enforcement investigation and reported. Amex's spokespeople stressed to The Reg that these blunders "were not caused by a data breach at American Express or at a service provider of American Express." For example, in two of the cases, "the incidents resulted from point-of-sale attacks at merchant processors, and are not related" to any failures on American Express's end, we're told.

For worried Amex customers, the finance giant gave assurances in its letters that customers aren't liable for fraudulent charges. Amex suggests customers regularly review their statements, and sign up for account alerts that notify users via text, email, or through its mobile app of any suspicious charges. ®

More about

TIP US OFF

Send us news


Other stories you might like