AmEx writes to customers after Anonymous dumps card data

American Express is writing to around 75,000 Californian customers to warn them that their card data has been posted online by Anonymous Ukraine.

  9 5 comments

AmEx writes to customers after Anonymous dumps card data

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In March the Ukrainian arm of the Anonymous collective posted details from around seven million Visa, MasterCard, AmEx and Discover cards online in protest at the US and its banking system.

While the fraud threat is considered minimal, AmEx has now moved to warn affected customers. As picked up by CSO, the firm has written to the California Attorney General's Office about its decision.

AmEx is writing to 58,522 Californians whose names and corresponding account numbers were involved, as well as another 18,086 whose card information was published but not their names.

Says the letter being sent out: "We were recently made aware that your American Express Card information was recovered during an investigation by law enforcement and/or American Express.

"At this time, we believe the recovered data may include your American Express Card account number, the card expiration date, the date your card became effective and the four digit code printed on the front of your card."

The company stresses that social security numbers were not taken and that no fraud has been detected on the affected cards but says that it has put extra monitoring procedures in place.

Sponsored [On-Demand Webinar] PREDICT 2025: The Future of AI in the US

Related Company

Keywords

Comments: (5)

A Finextra member 

What's the point of PCI if such breaches still happen?..

A Finextra member 

Agreed, though they were probably PCI compliant at the time.

Could they fine themselves? ;0)

 

A Finextra member 

Why bother to write comments like these?   Regardless of some of the questionable approaches to PCI taken by the card brands, what is the point of attributing any weight to PCI for a story like this?   There is no information here that would indicate Anonymous obtained this information because PCI is not what it should be.

Are you saying that the existence of a standard should automatically banish all hacking, fraud, social engineering, and insider data theft?   There are many valid ways to achieve data theft that are beyond the scope of what PCI attempts to address or well within the parameters of what PCI does address (e.g. a person with valid credentials and responsibilities committing criminal acts). 

The sixth largest breach of all time happened earlier this year in South Korea.  Over 100 million payment card records exposed via  a criminal act by a person within a credit bureau.  

If you could "fix" or eliminate PCI, how would it change things?   Assume you are making this point from an assumed superior position that consists of a "better idea".  How does your better idea make things better - beyond the point of getting someone through a transit terminal without having their data stolen?   We can all agree on the benefits of hardware encryption. . . but what eveything else?

 . . . or maybe people just make comments like this because they really don't understand what PCI is and what it isn't???

A Finextra member 

One of the PCI's objectives is to ensure that cardholder/sensitive data is safeguarded. Clearly, that doesn't (always) work. Some of the solutions available in 2014 - tokenisation or 2FA. When there is nothing to steal, there is nothing to protect. Simples! You don't need thousands of pages that vaguely describe stuff nobody can comprehend (and, hence, act upon). Look at mobile telecom - their fraud rate is almost nonexistent without any PCI. Remove PCI, let banks and merchants get hit with tangible fraud, and they WILL take appropriate measures. PayPal is a good example of that.

A Finextra member 

Biggest data breaches.  Can anyone point me to the best place to understand what the largest breaches of the last 10 years have been.  Is anyone tracking this data centrally? All part of the continuing journey to educate senior bank executives who grew up in a pre-cyber security world of the need to invest more...

[Webinar] PREDICT 2025: The Future of Faster Payments in the USFinextra Promoted[Webinar] PREDICT 2025: The Future of Faster Payments in the US