American Express is warning customers that their credit cards were compromised in a third-party data breach after one of its service providers was hacked.
In a data breach notification filed with the state of Massachusetts, American Express said the breach occurred at one of the service providers used by its travel services division, American Express Travel Relations Services Company. Ta.
“We have discovered that a third-party service provider with which a number of our merchants work has experienced unauthorized access to its systems,” the data breach notification explains. .
“Some cardholder account information, including some of your own account information, may be involved. Please note that no systems owned or controlled by American Express were compromised by this incident. is important and we are providing this notice to our customers as a precautionary measure.”
The breach allowed hackers to access customers’ American Express card account numbers, names, and card expiration data.
It is unclear how many customers were affected, which service providers were compromised, and when the attack occurred.
When BleepingComputer asked American Express for more information about the breach, the company did not disclose details about its business relationships or distribution partners, and the company said it had no further information to share at this time.
However, American Express said it has notified the necessary regulatory authorities and is warning affected customers.
“When we learn of a data security incident impacting our customers, we immediately begin an investigation and, if necessary, notify the appropriate regulatory authorities,” American Express told BleepingComputer.
“We are also working to identify affected customers, understand the specific impact, and notify them as required by applicable law and regulation.
Additionally, if a cardmember’s credit card is used for an unauthorized purchase, American Express told BleepingComputer that the customer is not responsible for the charges.
American Express is advising customers to review their account statements over the next 12 to 24 months and report any suspicious activity.
The company also suggests customers enable instant notifications through the American Express mobile app to receive fraud alerts and notifications upon purchase.
Finally, if your card information has been stolen, you may want to consider requesting a new card number. This is because it is common for attackers to sell stolen credit cards on the cybercrime market.
