American Express has issued a data breach advisory following a hacking incident affecting third-party merchants. The breach, centered in Massachusetts, targeted the payment hardware of merchants associated with an “American Express Travel Related Services Company.” As a result, unauthorized access to the system occurred, potentially exposing customers’ credit card information, including account numbers, names, and expiration dates.
The Breach
American Express clarified that the breach occurred at the level of the merchant processor, the hardware responsible for accepting payments, rather than within American Express-owned or controlled systems. However, the compromised data, which may now be circulating on the dark web, poses a risk to affected customers. Despite this, American Express has not disclosed the specific number of customers impacted or which merchant processor was compromised.
American Express Response
In response to the breach, Amex has initiated an investigation and notified relevant regulatory authorities and affected customers. The company emphasized that it was issuing the advisory as a precautionary measure and assured that customers are not held responsible for fraudulent purchases. Additionally, American Express advised customers to monitor their account statements closely for the next 12 to 24 months and report any suspicious activity promptly.
Similar Incidents
This incident draws parallels to the Wiseasy hack in 2022, where 140,000 payment terminals globally were compromised. Wiseasy, an Android-based payment system popular in the Asia-Pacific region, faced a similar breach, although it remains unclear if affected customers were notified. The breach underscores the vulnerability of payment systems to cyberattacks and the importance of robust security measures.
Customer Precautions
American Express has recommended several precautions for its customers in light of the breach. Firstly, customers are advised to closely monitor their account statements for any unusual activity. They can also enable instant notifications through the Amex mobile app to receive real-time updates on their purchases and fraud alerts. Additionally, customers have the option to request a new card number if their information has been compromised, adding an extra layer of security to their accounts.
In conclusion, the data breach targeting third-party merchants associated with American Express underscores the ongoing threat posed by cyberattacks in the financial sector. While the company has taken steps to address the breach and mitigate potential risks to customers, vigilance remains crucial in safeguarding personal and financial information. By staying informed and implementing recommended precautions, customers can protect themselves against the impacts of such breaches.