American Express has alerted customers that their credit card details may have been compromised following a third-party data breach.
In a filling with US SEC, Amex warned that current or previously issued account numbers, customer names, and other card details such as the expiration date may have been accessed in the attack.
Amex added that customers may receive additional notification letters if more than one of their Amex accounts were involved. The impact of the incident is unknown.
American Express stated that the breach occurred in “a third-party service provider engaged by numerous merchants,” which may have involved account information of some of its card members.
There was no information about who the third-party merchant processor is, and no American Express owned or controlled systems were compromised by the incident, the company added.
American Express assured contacted customers that it is “vigilantly monitoring your account for fraud,” and that they will not be liable for any fraudulent charges on their account.
It provided the following advice to potentially impacted customers to mitigate the risk of fraud:
- Review your Amex account statements carefully for signs of fraudulent activity.
- Enable notifications in the American Express Mobile app to receive instant notifications of potential suspicious activity
- Report any suspected identity theft to law enforcement