American Express says customer data exposed in third-party breach
Cybernews.com
Updated
on: March 04, 2024 8:31 PM
https://cybernews.com/news/american-express-hit-by-third-party-data-breach/
American Express (Amex) credit card
holders may have had some of their account information exposed via a third
party breach, the company has disclosed.
The
financial services and credit card giant filed a breach notification letter as
“a precautionary measure” with the Massachusetts State Attorney Generals Office
on March 4th.
An
American Express spokesperson told Cybernews the “incident was not caused
by a data breach” at the company of any of its service providers.
The
breach was the caused by “a point-of-sale attack at a merchant processor in
which American Express Card member data was impacted,” they said.
It
has been reported the merchant processor at the center of the hack is used by
the American Express Travel Related Services Company, one of the entities under
the company’s travel services division.
The
Amex notification letter states that the account information of some Card
Members “may have been involved,” including:
§ Your name
§ American Express
Card account number
§ Expiration date
This
applies to credit card account numbers that are currently active or were
previously issued, which means some customers may receive more than one letter
about the incident, the company said.
The
breach notification letter states
that Amex was informed by the third-party service provider – which is used by
numerous merchants – that it had “experienced unauthorized access to its
system” but did not provide any specific dates.
“A
courtesy notice of this incident was provided to the Massachusetts regulators
due to impacts to American Express Card members residing in Massachusetts,” the
spokesperson said.
Amex
addresses card holders
“Protecting
the security of our Card Members’ information is very important to us and we
strive to let you know about security concerns as soon as possible,” American
Express said.
American
Express Card Members will not be liable for fraudulent charges on their
accounts, and the company will take protective actions if it sees any unusual
activity on an account, the spokesperson told Cybernews.
“We
have sophisticated monitoring systems and internal safeguards in place to help
detect fraudulent and suspicious activity.”
Amex
is recommending customer regularly review and monitor their account activity,
and immediately contact Amex if they detect any suspicious activity.
“For
added protection, customers can receive free fraud and account activity alerts
via email, SMS text messaging, and/or notifications through our app,” the
spokesperson added.
Headquartered
in lower Manhattan, American Express provides multiple banking services, such
as online checking and savings accounts, to personal loans, as well as
corporate and luxury travel programs.
There
are over 121 million Amex card holders worldwide, according to the latest
research by Zippia, with more than 50% of those card holders in the United
States.
Third-party
service providers need to be held accountable
Liat
Hayun, CEO and co-founder of Eureka Security highlighted to Cybernews that the
Amex breach is “coming just weeks after similar incidents at Bank of America.”
“This
incident likely stemming from unauthorized system access… underscores the
critical need for organizations to hold their service providers accountable for
data security,” Hayun said.
Mid-February,
it was revealed that the data of more than 50,000 Bank of America customers
was exposed from a third party breach of the American financial services Infosys McCamish
Systems (IMS).
The
IMS breach which took place last November was eventually claimed by the LockBit ransomware
gang.
It
was the second third-party breach for Bank of America in 2023 – BOA fell
victim to the infamous MoveIT hacks when
accounting giant Ernst & Young was
hit by the Cl0p ransom group, exposing another 30,000 customers.
“Lessons
from past breaches highlight the importance of robust access controls,” Hayun
said.
“While
mapping access points for sensitive data can be complex, it's a crucial
security measure that organizations must prioritize in alignment with their
overall business objectives and compliance requirements,” she said.
Connecting
the Dots:
James D.
Robinson III was the chairman & CEO for the American
Express Company (Bailout Company) and is an honorary trustee at the Brookings
Institution (think tank).
Joan E. Spero was
the EVP for the American Express Company (Bailout Company) and an
honorary trustee at the Brookings Institution (think tank).
A.W. Clausen was an
honorary trustee at the Brookings Institution (think tank) and the
chairman & CEO for the Bank of America Corp.
Foundation to Promote Open Society was a funder
for the Brookings Institution (think tank).
George Soros is the chairman for the Foundation
to Promote Open Society.
Vernon E. Jordan
Jr. is an honorary trustee at the Brookings Institution (think
tank), a senior counsel for Akin, Gump, Strauss, Hauer & Feld,
LLP, Valerie B. Jarrett’s great uncle and was a director at the American
Express Company (Bailout Company).
Akin,
Gump, Strauss, Hauer & Feld, LLP is the lobby firm for the American
Express Company (Bailout Company).
Stephen J. Squeri is
the group president for the American Express Company (Bailout Company) and
a trustee at the Harlem Children's Zone.
George Soros was a benefactor for the Harlem
Children's Zone and is the chairman for the Foundation to Promote
Open Society.
Foundation to Promote Open Society was a funder
for the Harlem Children's Zone, the International Rescue
Committee and the ClimateWorks Foundation.
Thomas Schick is
a director & overseer for the International
Rescue Committee and the EVP for the American Express Company
(Bailout Company).
Richard C. Levin is
a director at the American Express Company (Bailout Company) and
the vice chair for the ClimateWorks Foundation.
Resources:
Past Research
American
Express Company (Bailout Company) (Past Research on
the American Express Company)
SUNDAY,
NOVEMBER 3, 2013
https://thesteadydrip.blogspot.com/2013/11/american-express-company-bailout-company.html
Bank
of America Reaches $17 Billion Mortgage Settlement with US (Past Research on Bank of America)
FRIDAY,
AUGUST 22, 2014
No comments:
Post a Comment