Although data breach notices went out to American Express customers who were involved on September 30th, this is not the typical breach where systems were accessed, or databases were obtained by an outside party. This breach involved an American Express employee acquiring customer information and using it for fraudulent attempts to open accounts at other financial institutions. Information that was accessed included full names, physical and billing addresses, Social Security numbers, birth dates, and the credit card number. American Express assures that this unnamed person does not work at the company any longer and is facing charges pending a criminal investigation. A portion of the statement released by American Express read, “We are aware of this issue. Ensuring the security of our customers’ information is our top priority, and we are investigating this matter in close partnership with law enforcement.” The company is also providing free credit monitoring in partnership with Experian Identity Works.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In