American Express (Amex) notifies customers that their credit card information has been compromised in a data breach involving a third-party merchant processor. The company did not disclose the number of impacted customers.
“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” reads the data breach notification sent to the impacted customers. “Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”
The security breach occurred at a service provider that lets customers book flights, hotels and other reservations using an online portal. The hacked third-party merchant processor was processing American Express Card member data.
Exposed data includes current or previously issued Amex Card account numbers, customer names and other Card information such as the expiration date.
The company recommends customers to vigilantly monitor their account for fraud and suspicious transactions. Amex told customers that would not be responsible for any fraudulent charge on their account.
Amex recommends customers review their account statements over the next 12 to 24 months and enable instant notifications via the company’s mobile app to receive notifications about potential suspicious activity.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, data breach)