Share this article on:
American Express customers are being notified that their account information may have been exposed after a third party suffered a data breach.
The world-renowned bank holding company disclosed the incident in a data breach notice filed with the state of Massachusetts this week.
“We became aware that a third-party service provider engaged by numerous merchants experienced unauthorised access to its system,” the notice read.
“Account information of some of our card members, including some of your account information, may have been involved.”
According to the notice, data affected in the incident includes current and former American Express card account numbers, names, and other card information, such as expiration dates.
American Express has said that in response to the breach, it is monitoring accounts carefully for instances of fraud, and in cases where fraudulent purchases are made, American Express said customers “are not liable.”
The financial services company also stressed that its own systems were not breached, rather that the systems of a third-party merchant used frequently by the company’s travel services division suffered a case of unauthorised access.
“It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure,” the company added.
The affected third party has not been disclosed, and it is also currently unknown just how many American Express customers have been exposed as a result of the breach.
American Express has advised those who believe they are affected to review their accounts for fraudulent transactions and activity for the next 12 to 24 months and enable American Express mobile app notifications. It has also suggested that those who witness fraudulent transactions or suspect their data has been stolen request a new card number.