In December 2014, the California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** The incident involved unauthorized access to a merchant’s data files, potentially exposing **American Express Card account numbers and associated card details**. While the breach compromised payment-related information, it did **not** include more sensitive data such as **Social Security numbers**. The exposure primarily impacted financial transaction data, raising concerns over potential fraudulent activity linked to the compromised card details. Although no evidence of misuse was immediately reported, the breach posed risks to cardholders, including unauthorized transactions or identity fraud attempts tied to the exposed payment information. The incident highlighted vulnerabilities in third-party merchant systems handling American Express card data, prompting notifications to affected individuals and regulatory scrutiny.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-47796
TPRM report: https://www.rankiteo.com/company/american-express
"id": "ame028091825",
"linkid": "american-express",
"type": "Breach",
"date": "12/2014",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Payments / Credit Cards',
'location': 'United States (California)',
'name': 'American Express Travel Related Services '
'Company, Inc and/or its Affiliates',
'type': 'Financial Services'},
{'name': 'Unspecified Merchant (third-party)',
'type': 'Merchant'}],
'customer_advisories': 'Notification letters sent to affected cardholders',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to '
"merchant's data files)",
'personally_identifiable_information': 'No (Social Security '
'numbers not affected)',
'sensitivity_of_data': 'High (payment card data)',
'type_of_data_compromised': ['Card account numbers',
'Card information']},
'date_publicly_disclosed': '2014-12-19',
'description': 'The California Office of the Attorney General reported a data '
'breach incident involving American Express Travel Related '
'Services Company, Inc and/or its Affiliates. Unauthorized '
"access to a merchant's data files may have exposed American "
'Express Card account numbers and Card information, but did '
'not affect Social Security numbers.',
'impact': {'data_compromised': ['American Express Card account numbers',
'Card information'],
'identity_theft_risk': 'Low (no Social Security numbers exposed)',
'payment_information_risk': 'High (Card account numbers and '
'information exposed)'},
'initial_access_broker': {'high_value_targets': "Merchant's data files "
'containing card information'},
'references': [{'date_accessed': '2014-12-19',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Notification letters sent to affected '
'parties',
'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'American Express Merchant Data Breach (2014)',
'type': 'Data Breach'}