American Express has issued a data breach advisory after third-party merchants experienced a hacking incident targeting its payment hardware, as reported by Bleeping calculator.
The financial services company clarified that the breach occurred in Massachusetts and related to an “American Express Travel Related Services Company.” This resulted in several traders having “unauthorized access to his system”. Customers’ credit card information, including account numbers, names and card expiration dates, may have been exposed in the process.
“The account information of some of our Card Members, including some of your account information, may have been compromised. It is important to note that systems owned or controlled by American Express were not compromised by this incident, and we are providing you with this notification as a precautionary measure,” American Express said in a statement.
Get our weekly breakdown of the technology behind PC gaming
The company noted that it was the merchant processor, meaning the hardware that accepts payments, that was breached and not a direct American Express service provider. Even so, customer data is potentially circulating on the dark web after being accessed by hackers. American Express has not publicly shared details about how many customers were affected when the breach occurred or which merchant processor was breached.
The incident is reminiscent of the Wiseeasy hack in 2022, which breached the Android-based payment system popular in the Asia-Pacific region and affected 140,000 payment terminals worldwide. Payment terminals are used in restaurants, hotels, retail stores and schools. However, it was unclear whether Wiseeasy informed its customers about the hack.
American Express said it has begun investigating the matter, in addition to notifying the required regulators and affected customers.
the company said BleepingComputer that customers should carefully review their account statements for the next 12 to 24 months, making sure to report any suspicious activity. The institution does not hold card members responsible for any fraudulent purchases.
Other recommendations include enabling instant alerts through the American Express mobile app, which allows users to review their purchases and receive instant fraud alerts. Card members also have the option to request a new card number, should their details be stolen.
Editors’ recommendations