DarkReading reports:
American Express is notifying its customers that their credit cards were exposed in a breach involving a third-party service provider.
In a data breach notification filed with the state of Massachusetts, the American bank holding and financial services company notes that its own systems were not compromised by the incident.
The breach instead occurred through a provider frequently used by the company’s travel services division.
Credit card information such as American Express card account numbers, names, and expiration dates are at risk, and users should expect follow-up contact from the company if they have more than one American Express card involved in the breach.
Read more at DarkReading.
American Express’s letter to those affected does not name the third-party provider, and notes that the breach may also affect previously credit card numbers.