The company has confirmed that some American Express card users have had their sensitive data exposed to hackers.
In a breach notification letter sent to affected customers, the credit card giant claimed that it was not American Express’ infrastructure that was breached, but rather systems belonging to a third-party service provider, which works with “numerous merchants.”
The stolen data included customer names, card numbers and expiration dates. That’s more than enough information to carry out wire fraud or, at the very least, identity theft and impersonation.
Tips to stay safe
“We became aware that a third-party service provider engaged by numerous merchants was experiencing unauthorized access to its system,” the company said in the letter.
“There may have been account details of some of our Card Members, including some of your account details. It is important to note that systems owned or operated by American Express were not affected by this incident, and we are sending you this notice as a precautionary measure.”
We don’t know how many people were affected by the breach, but the state of Massachusetts also disclosed the breach as part of its Breach Report tracker.
If this incident refers to the Massachusetts leak dated February 27, a total of 360 residents of that US state were affected. American Express was mentioned 16 times in the 2024 tracker, but other incidents mention fewer than 10 Massachusetts residents.
Users who are concerned that their cards may be misused should read the letter Heregarding, as it provides some useful tips on how to stay safe. Among other things, American Express recommends that users log into their accounts, carefully review their statements and then set up instant notifications.
Through The register