Amex Customer Data Exposed in Third-Party Breach

The breach occurred through a third-party service provider frequently used by the companys travel services division.

American Express is notifying its customers that their credit cards were exposed in a breach involving a third-party service provider.
In a
data breach notification
filed with the state of Massachusetts, the American bank holding and financial services company notes that its own systems were not compromised by the incident.
The breach instead occurred through a provider frequently used by the companys travel services division.
Credit card information such as American Express card account numbers, names, and expiration dates are at risk, and users should expect follow-up contact from the company if they have more than one American Express card involved in the breach.
Anyone who has been potentially affected should review their accounts for fraudulent activity periodically over the next 12 to 24 months. Users should also enable notifications from the American Express Mobile app to stay up to date with their account activity.
The recent data breach impacting American Express customers, coming just weeks after similar incidents at Bank of America, underscores the critical need for organizations to hold their service providers accountable for data security, said Liat Hayun, CEO and co-founder of Eureka Security, in an emailed statement. Lessons from past breaches highlight the importance of robust access controls, as this incident likely stemmed from unauthorized system access.
The
Bank of America breach
that Hayun referred to was a leak that occurred just last month after a ransomware attack breached one of its third-party providers, Infosys McCamish Systems (IMS), affecting at least 57,028 customers. Though IMS reported that it would not be able to determine with certainty precisely what information was compromised, it likely included sensitive material such as Social Security numbers, names, addresses, dates of birth, and other private information.
American Express has provided tips in its letter to users to protect their information and assures that should users find fraudulent activity on their accounts, they will not be held liable for those charges.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Amex Customer Data Exposed in Third-Party Breach