Fastexy:American Express card data exposed in third-party breach

Michigan AG Nessel offers tips to avoid identity theft

American Express Co. has told an undisclosed number of cardholders that their account information may have been breached in a recent hacking of a merchant processor. 

Current and previously issued American Express Card account numbers, expiration dates and customer names may have been compromised, AmEx stated in a notice filed last week with Massachusetts regulators. 

"A third party service provider engaged by numerous merchants experienced unauthorized access to its system," Anneke Covell, AmEx's vice president, U.S. & AENB privacy, stated in the notice. "American Express owned or controlled systems were not compromised by this incident." 

AmEx said it's actively monitoring the potentially impacted accounts for fraud, and stressed customers are not liable for fraudulent charges. The New York-based financial services company urged customers to review their accounts for fraudulent activity, sign up to get instant notifications of potential suspicious activity and to make sure their contact information is current. 

There are different circumstances under which financial institutions may report incidents, according to AmEx, which cited a blog post on the Massachusetts state website. "For example, a financial institution may report an incident that occurred at a retailer where the consumer used their bank-issued card," the company said.

In responding to a request for further comment, AmEx declined to disclose the number of those potentially impact nor the geographical reach of the breach.

"The incident that you are inquiring about occurred at a merchant processor and was not an attack on American Express or an American Express service provider, as some media outlets have erroneously reported. Because customer data was impacted, American Express provided notice of the incidents to Massachusetts agencies and impacted customers who reside in Massachusetts," a spokesperson stated in an email.

"We have sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspicious activity. If we see there is unusual activity that may be fraud, we will take protective actions," the spokesperson noted.

Customers who notice any suspicious activity on their account can call: 1-855-693-2213. 

In:
• Data Breach

Kate Gibson

Kate Gibson is a reporter for CBS MoneyWatch in New York.