Security News > 2024 > March > American Express admits card data exposed and blames third party

American Express admits card data exposed and blames third party
2024-03-04 23:04

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.

"We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

"Your current or previously issued American Express card account number, your name, and other card information such as the expiration date, may have been compromised. It is important to note that American Express owned or controlled systems were not compromised by this incident."

It's worth noting American Express has appeared in Massachusetts reports of data leakage a total of 16 times so far this year, with the other incidents mostly only covering a few MA residents.

Notification letters for those screw-ups state that individual merchants were compromised, exposing their customer records, or that Amex customer data was found online during a law enforcement investigation and reported.

For worried Amex customers, the finance giant gave assurances in its letters that customers aren't liable for fraudulent charges.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/04/american_express/