It was discovered during an investigative process carried out by the law enforcement agency that data of American Express Card holders has been acquired by unauthorized individuals most probably cyber criminals.
However, the circumstances that led to this discovery are yet undisclosed. Moreover, it is also unclear whether the American Express helped in the investigation or not.
Conversely, it is clear that around 500 individuals in California have become the victims of this attack.
American Express will be sending out the affected individuals a notification letter as per the demands of the Californian Law.
Also discovered during the investigation was the fact that the American Express card holder’s name, account number, card’s expiry date and the social security number/SSN have been acquired by the unauthorized persons.
It must be noted that even the SSN and card holder’s name are enough for the cybercriminals for committing frauds such as they can file for tax returns in the victim’s name.
Card info can easily be obtained from online merchants and retailers but transactions do not need the SSN. Therefore, it is most likely that the phishing attack has been performed to steal the data.
The American Express Chief Privacy Officer Stefanie Wulwick signed a letter informing the recipients that the firm hasn’t recorded any illegal activity on their card account that can be linked to this incident.
The company has already implemented standard steps for mitigating probable risks of this incident and also has placed additional fraud monitoring on its card protection system. It maintains that a threat alert will be issued if a suspected activity is detected.
However, recipients aren’t liable for any sort of fraudulent charges that may have occurred on their account and they will receive free one year membership for the firm’s identity protection program.
Despite these measures the firm suggests that people need to stay alert and monitor all of their account statements over the coming 12 to 24 months to detect any possible identity theft activity beforehand.