American Express HACKED by third-party service provider that accessed customers’ credit card and personal information

  •  Names, account numbers and card expiration dates were accessed in the hack
  • American Express told customers they are not liable for fraudulent charges
  • READ MORE:  Here’s how credit card information is sold for on the dark web

American Express is alerting customers about a data breach in which hackers accessed personal credit card information.

Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised, the financial service company shared in a letter filed with the state of Massachusetts.

The breach occurred at the company’s American Express Travel Service, which lets customers book flights, hotels and other reservations using an online portal.

American Express is urging all cardholders to check their statements and alert the company if fraudulent charges have occurred.

Account numbers, names and other credit card information such as the expiration date of ‘some customers’ have been compromised

Anneke Covell, chief privacy officer, wrote: ‘We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system.

‘It is important to note that American Express-owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.’

The letter does not detail the number of people impacted or when the incident occurred. 

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards.

‘At this time, we have been informed that your current or previously issued American Express Card account number, your name and other Card information such as the expiration date, may have been compromised,’ reads the notification signed by Covell.

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards

While information on the breach is sparse, it appeared that American Express has sent letters to customers with compromised credit cards

American Express told BleepingComputer that it has filed the proper notification with regulatory authorities following the hack.

“When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required,” American Express told BleepingComputer.

“We also work to identify impacted customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.

DailyMail.com has contacted American Express for comment.

The financial company did note in the letter that customers who were part of the breach are ‘ not liable for fraudulent charges’ made with their credit cards.

To check if your American Express card may have been compromised, users are urged to log in to their accounts to look for unusual charges and to activate notifications to stay updated with information about the breach.

The incident comes less than two years of another that impacted 1.2 million customers who had their card number, expiration data, CCV, telephone number, address, social security number and other personal data stolen.

American Express said the 2022 breach was deployed by a third-party merchant, which allowed the sensitive information to leak onto the dark web. 

***
Read more at DailyMail.co.uk