Goliath financial services company, American Express, released a letter on March 4 stating that its data may have been obtained by hackers.
Rather than targeting the company directly, threat actors focused on point-of-sale merchants. These smaller vendors typically contain as much important data as a larger company, but with weaker cybersecurity defenses and more incentive to pay ransom payments or listen to demands.
In this case, hackers targeted a point-of-sale merchant working with the American Express Travel Related Services Company, obtaining sensitive American Express customer data.
“We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system,” American Express said in a letter filed with the Massachusetts State Attorney General’s Office. “Account information of some of our Card Members, including some of your account information, may have been involved.”
The affected information includes your credit card information (name, card number, and expiration date). The letter doesn’t explicitly state if hackers may have obtained information about your CVV number. Some customers may receive multiple warning letters, as some of the stolen data belonged to expired or inactive cards.
They go on to reassure customers that hackers did not breach any of the company’s systems or locations.
“It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure,” American Express said.
The company recommends all American Express users do the following:
- Closely monitor your accounts for suspicious activity.
- Sign up for instant notifications.
- Replace your card or contact American Express if you detect fraudulent activity.
You can also rely on identity monitoring services to monitor if your credit card information appears anywhere online.
“We are strongly committed to protecting the privacy and security of your information and regret any concern this may have caused you,” American Express said.