- During the hack, names, account numbers and card expiration dates were accessed
- American Express told customers they are not liable for fraudulent charges
- READ MORE: Here’s how credit card information is sold on the dark web
American Express is warning customers about a data breach in which hackers gained access to personal credit card information through a third-party vendor.
Account numbers, names and other credit card information such as expiration dates for “some customers” have been compromised, the financial services company shared in a letter filed with the state of Massachusetts.
The incident occurred at a service provider that uses American Express Travel Service, which allows customers to book flights, hotels and other reservations through an online portal.
American Express urges all cardholders to check their statements and alert the company if fraudulent charges have occurred.
Account numbers, names and other credit card details such as expiration dates of ‘some customers’ have been compromised
Anneke Covell, chief privacy officer, wrote: ‘We have become aware that a third-party service provider engaged by numerous merchants has experienced unauthorized access to its system.
“It is important to note that systems owned or operated by American Express were not affected by this incident, and we are sending you this notice as a precaution.”
The letter does not provide details on the number of people affected or when the incident occurred.
Gerilyn Cammaroto, vice president of communications for American Express, told DailyMail.com: “This incident was not caused by a data breach at American Express or any American Express service provider.
“This incident resulted from a merchant point-of-sale attack that affected American Express Card member data.
“A courtesy notice regarding this incident has been provided to Massachusetts regulators due to the impact on American Express Card members living in Massachusetts.”
While information about the breach is scarce, it appears that American Express sent letters to customers with compromised credit cards.
“At this time, we have been notified that your current or previously issued American Express Card account number, your name and other card information such as expiration date may have been compromised,” reads the notice signed by Covell.
While information about the breach is scarce, it appears that American Express sent letters to customers with compromised credit cards
AmericanExpress told BleepingComputer that it filed the appropriate notification with regulators after the hack.
“If we learn of a data security incident impacting our customers, we will immediately initiate an investigation and notify appropriate regulatory authorities as appropriate,” American Express told BleepingComputer.
“We are also working to identify affected customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.
The financial company noted in the letter that customers who were part of the breach “are not liable for fraudulent charges” made on their credit cards.
To check if your American Express card may have been compromised, users are urged to log into their account to look for unusual charges and activate notifications to stay informed about the breach.
The incident comes less than two years later and has affected 1.2 million customers who had their card number, expiration details, CCV, phone number, address, social security number and other personal information stolen.
American Express said the 2022 breach was committed by a third-party merchant, allowing the sensitive information to leak onto the dark web.