American Express confirms customer details exposed — third-party data breach sees info leaked online

Credit card information for sale
(Image credit: Shutterstock)

Some American Express card users may have had their sensitive data exposed to hackers, the company has confirmed.

In a breach notification letter sent to affected customers, the credit card giant claimed it wasn’t American Express infrastructure that was breached, but rather systems belonging to a third party service provider, which works with “numerous merchants”. 

The data stolen included customer names, card numbers, and expiry dates. That is more than enough information to perform wire fraud or, at the least, identity theft and impersonation.

Tips to stay safe

“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system,” the company said in the letter. 

“Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”

We don’t know how many people were affected by the breach, however the State of Massachusetts also disclosed the leak as part of its Breach Report tracker. 

If this incident refers to the leak that Massachusetts dated February 27, then a total of 360 residents of that US state were affected. American Express was listed 16 times in the tracker for 2024, but other incidents list fewer than 10 Massachusetts residents. 

Users that are worried their cards might be abused, should read the letter here, as it gives a few helpful tips on how to remain secure. Among other things, American Express suggests users log into their accounts and carefully review their account statements, and then set up instant notifications. 

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.