American Express’s Third-Party Vendor Suffered Breach

March 16, 2016//Ellen Neveux

Last Updated: May 30, 2018

American Express informed customers in a statement last week that one of their third-party service providers suffered a breach. Cardholders were notified and warned that personal account information may have been compromised.

The notice reads, “We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” The third-party vendor wasn’t named, but Stefanie Ash, American Express Chief Privacy Officer, goes on to say, “It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”

Third -party breaches are on the rise and it’s critical to actively manage information security when external providers have access to sensitive data or company systems.

While the statement was released on March 10, it appears this breach occurred December 7, 2013. No information has been provided that explains the delay, however CSO reports, “According to the California Attorney General, this date is also the same data Affinity Gaming reported their data breach, which impacted card transactions at eleven casinos in four states.”

Choose the right remote support solution for your customers – and avoid security breaches.

Subscribe to the SecureLink Blog.
close close