SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
21 Mar 2016

American Express warns customers about third-party breach

In a notification letter dated March 10, American Express warns cardholders that their account information might've been exposed after a third-party service provider suffered a data breach.

"...Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident," the letter states.

The third-party provider, which isn't named, is engaged by several merchants the notification letter explains. Cardholders should expect that their account number, name, and other card details were compromised. How to respond to ransomware threats? American Express says they are monitoring accounts for fraud, and that cardholders should do the same and report any suspicious transactions. If it isn't already enabled, customers are also encouraged to use the transaction notifications, which will alert them each time the card is used.

The interesting aspect of this notification is that the incident being referenced by American Express happened on Saturday, December 7, 2013. It isn't clear why the there was such a delay. American Express says the notification is just a precaution. Worst-case scenario, American Express hasn't tracked any related fraud, but the incident at the provider actually went undetected for several years. That seems unlikely, but it's possible.

According to the California Attorney General, this date is also the same day Affinity Gaming reported their data breach, which impacted card transactions at eleven casinos in four states. In fact, 2013 had a number of large data breaches, including Target, multiple incidents at LinkedIn, Facebook, Tumblr, Twitter and Pinterest, Zendesk, Adobe, Living Socal, and Evernote. As a rule, American Express will issue alerts long after an incident if there are indications that cardholders were or could be exposed somehow. You can see examples of this in any of the notification search engines.

The company doesn't discuss their anti-fraud measures, so why this happens isn't clear, but it isn't uncommon for them to alert cardholders of potential problems long after an incident has been made public. Also, some incidents are known to the card brands themselves, but not the public.

But the date of the incident in question being referenced by this notice (December 7, 2013), as well as the wording on the source itself ("a third party service provider engaged by numerous merchants.") is what stood out as something worth discussing. The last time American Express issued a notification letter with a long gap was in November of 2015. In that case, the incident being referenced happened in 2008.

American Express sent the following statement:

"The incident American Express reported to the California Attorney General on March 10 was not a breach of any American Express environment or service provider, but rather was a merchant breach. We inadvertently filed an incorrect version of the customer notice with the California Attorney General, which is being corrected. It’s important to note that we sent the correct version of the letter to Card Members in California notifying them of a merchant breach. We sent the letter as a courtesy to our Card Members in California when we were made aware of the breach by the merchant. The letter to our Card Members includes information and resources that they can use to protect their information."

Tags:
information leaks
Source:
CSO Online
1821
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015