An unauthorized person or group accessed the system of a third-party service provider prompting American Express to warn customers that card member information may have been compromised.
In a notice to customers filed with the Office of the Attorney General in California, Stefanie Ash, chief privacy officer (CPO), U.S. American Express Company, said that account numbers, names, expiration dates and other information could have been exposed. Amex said it was “vigilantly monitoring” accounts for fraudulent activity and asked customers to do the same. The notice said that customers could receive more than one letter about the incident if more than one account was affected.
“It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure,” Ash wrote.