what happened to my credit card
News | Personal

American Express warns customers about third party data breach

Posted: March 5, 2024 by Pieter Arntz

American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.”

In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered the breach.

The account information of some card holders may have fallen into the wrong hands. The accessed information includes account numbers, names, and card expiration dates.

Further details about which merchant processor was involved and how, are not available at the time of writing.

American Express said it notified the required regulatory authorities and is alerting impacted customers. The company also told BleepingComputer that if a card member’s credit card is used to make fraudulent purchases, customers won’t be responsible for the charges.

American Express is advising customers to carefully review their account for fraudulent activity. Below are some steps you can take to protect your account.

  • Login to your account at americanexpress.com/MYCA to review your account statements carefully and remain vigilant in doing so, especially over the next 12 to 24 months.
  • If your card is active, sign up to receive instant notifications of potential suspicious activity by enabling Notifications in the American Express Mobile app, or signing up for email or text messaging at americanexpress.com/accountalerts.
  • Make sure American Express has your correct mobile phone number and email address so the company can contact you if needed.
  • If you receive an email relating to American Express that you believe could be fraudulent, immediately forward it to UKemailfraud@americanexpress.com. Do not include your account number in the email.

Beware of scammers

Scammers are always on the lookout for data breaches as it presents an opportunity for phishing. There are a few tips to keep in mind.

  • American Express will never ask for sensitive account details by email or phone.
  • Do not install software when asked out of the blue, especially if it reaches you as an email attachment.
  • Scammers will always invoke a feeling of urgency. Don’t let scammers rush you into making wrong decisions.
  • Keep your anti-malware software and security patches up-to-date to prevent fraudsters accessing your details via your computer.
  • If you’re an Android user, be wary of screen overlays on your devices that could capture entered information while you think you are in the actual app. Screen overlays are hard to recognize but on Android you can check Settings > Apps & notifications > Special access > Draw over other apps. (Note that the path may be slightly different depending on your Android version and the phone vendor.) Once there you can review all apps that have the option to “draw over” other apps and see whether or not they have the permission to do so.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Digital Footprint scan

If you want to find out how much of your own data is currently exposed online, you can try our free Digital Footprint scan. Fill in your email address (it’s best to submit the one you most frequently use) and we’ll send you a report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection

RELATED ARTICLES

TikTok logo
News | Personal

TikTok comes one step closer to a US ban

April 24, 2024 - The US Senate has approved a bill that will ban TikTok, unless it finds a new owner, bringing it one step closer to being signed into law.

CONTINUE READING 0 Comments
UnitedHealth Group logo
News | Personal

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

April 23, 2024 - UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.

CONTINUE READING 0 Comments
The Lock and Code logo, which includes the Malwarebytes Labs insignia ensconced in a pair of headphones
Podcast

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

April 22, 2024 - This week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.

CONTINUE READING 0 Comments
Discord logo
News | Privacy

Billions of scraped Discord messages up for sale

April 22, 2024 - An internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles.

CONTINUE READING 0 Comments
week in security
News

A week in security (April 15 – April 21)

April 22, 2024 - A list of topics we covered in the week of April 15 to April 21 of 2024

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Pieter Arntz

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams