American Express confirms customer details exposed — third-party data breach sees info leaked online

American Express credit card numbers and names were exposed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Some American Express card users may have had their sensitive data exposed to hackers, the company has confirmed.

In a breach notification letter sent to affected customers, the credit card giant claimed it wasn’t American Express infrastructure that was breached, but rather systems belonging to a third party service provider, which works with “numerous merchants”.

The data stolen included customer names, card numbers, and expiry dates. That is more than enough information to perform wire fraud or, at the least,identity theftand impersonation.

Tips to stay safe

“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system,” the company said in the letter.

“Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”

We don’t know how many people were affected by the breach, however the State of Massachusetts also disclosed the leak as part of its Breach Report tracker.

If this incident refers to the leak that Massachusetts dated February 27, then a total of 360 residents of that US state were affected. American Express was listed 16 times in the tracker for 2024, but other incidents list fewer than 10 Massachusetts residents.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Users that are worried their cards might be abused, should read the letterhere, as it gives a few helpful tips on how to remain secure. Among other things, American Express suggests users log into their accounts and carefully review their account statements, and then set up instant notifications.

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lenovo ThinkPad T14s Gen 6 review