The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** in May 2014. The incident involved the unauthorized exposure of **American Express Card account information**, specifically **card account numbers and expiration dates**. However, **Social Security numbers remained unaffected**, and the exact timeline of the breach, along with the number of impacted individuals, was not publicly disclosed. While the breach did not result in the compromise of highly sensitive personal identifiers (e.g., Social Security numbers), the exposure of **payment card details** poses risks such as **potential fraudulent transactions, phishing attempts, or identity theft targeting cardholders**. Financial institutions and affected customers would likely face **reputational concerns**, increased scrutiny over security protocols, and possible **financial losses** due to fraudulent activities linked to the exposed data. The breach underscores vulnerabilities in payment system protections, though the absence of broader personal data (e.g., SSNs) limits the severity compared to more extensive leaks.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-45273
TPRM report: https://www.rankiteo.com/company/american-express
"id": "ame041090625",
"linkid": "american-express",
"type": "Breach",
"date": "5/2014",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Financial Services',
'location': 'United States (California)',
'name': 'American Express Travel Related Services '
'Company, Inc.',
'type': 'Corporation'}],
'data_breach': {'personally_identifiable_information': 'No (Social Security '
'numbers not impacted)',
'sensitivity_of_data': 'High (payment card details)',
'type_of_data_compromised': ['Card account number',
'Expiration date']},
'date_publicly_disclosed': '2014-05-29',
'description': 'The California Office of the Attorney General reported a data '
'breach involving American Express Travel Related Services '
'Company, Inc. on May 29, 2014. The breach potentially exposed '
'American Express Card account information, including the card '
'account number and expiration date, but Social Security '
'numbers were not impacted. The specific date of the breach '
'and the number of affected individuals are unknown.',
'impact': {'data_compromised': ['Card account number', 'Expiration date'],
'identity_theft_risk': 'Low (no Social Security numbers impacted)',
'payment_information_risk': 'High (card account details exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'American Express Data Breach (2014)',
'type': 'Data Breach'}