Anonymous Posts AmEx Card DataConsumers Notified About Information Leaked
Payment card brand American Express says it's notifying about 77,000 California cardholders that their personal information and card data has been posted on various websites, allegedly by members of the hacktivist group Anonymous.
AmEx says it was notified by law enforcement that several large files containing some of its customers' information was posted online, according to a May 29 letter sent to the California attorney general's office.
Marina Norville, an AmEx spokeswoman, says that while some of the data posted online is outdated, AmEx was obligated to notify California residents of the leak. Norville did not offer any details about whether cardholders in other states were affected or how many could potentially have been impacted nationwide.
"Because this is an ongoing investigation, we can't get into the details about the incident because we're working with law enforcement," she tells Information Security Media Group.
Norville says some of the information leaked could still be valid, which raises fraud concerns. "It could be that the account number may still be valid but the expiration date may have come and gone," she says.
How the card data and personal information was obtained is not known, but Norville says the leak is not the result of an AmEx breach or attack. Consumers who may be impacted by the incident have already received a letter from AmEx explaining the incident, she says. Affected individuals receive free identity theft assistance through American Express, which is offered to all cardholders, according to the notification letter.