American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.
This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.
In a
data breach notification filed with the state of Massachusetts under "American Express Travel Related Services Company," the company warned customers their credit cards may have been stolen.
"We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system," explains the data breach notification.
"Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure."
The breach has led to customers' American Express Card account numbers, names, and card expiration data being accessed by the hackers.
It is unclear how many customers were impacted, what merchant processor was breached, and when the attack occurred.
When BleepingComputer asked American Express for more information about the breach, we were told that they do not disclose details of their business relationships and merchant partners and had no further information to share at this time.
However, American Express did say that they have notified the required regulatory authorities and are alerting impacted customers.
