The California Office of the Attorney General disclosed a data breach affecting American Express Travel Related Services Company, Inc. and/or its affiliates. The incident involved the potential compromise of customer payment card details, including American Express Card account numbers, cardholder names, and expiration dates. While the breach exposed sensitive financial data, no Social Security numbers or other highly sensitive personal information were reported as impacted. The exact date of the breach remains undisclosed, but it was officially reported on March 25, 2014. The exposed data poses risks such as fraudulent transactions, unauthorized card usage, or phishing attempts targeting affected customers. Although the breach did not involve broader identity theft (e.g., SSNs), the leakage of payment card details alone can lead to financial losses for customers and reputational damage for American Express. The company likely faced regulatory scrutiny and was required to notify affected individuals, implement remediation measures, and enhance security protocols to prevent future incidents. The breach underscores vulnerabilities in payment card data protection, particularly within travel-related financial services.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-44555
TPRM report: https://www.rankiteo.com/company/american-express-global-business-travel
"id": "ame1004091725",
"linkid": "american-express-global-business-travel",
"type": "Breach",
"date": "3/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Payments / Credit Cards',
'location': 'United States (California reported)',
'name': 'American Express Travel Related Services '
'Company, Inc and/or its Affiliates',
'type': 'Financial Services'}],
'data_breach': {'personally_identifiable_information': 'Partial (names only; '
'no SSNs)',
'sensitivity_of_data': 'High (payment card details)',
'type_of_data_compromised': ['Payment card data (account '
'numbers, names, expiration '
'dates)']},
'date_publicly_disclosed': '2014-03-25',
'description': 'The California Office of the Attorney General reported that '
'American Express Travel Related Services Company, Inc and/or '
'its Affiliates experienced a data breach potentially '
'compromising American Express Card account numbers, names, '
'and expiration dates of affected customers. No personal '
'information such as Social Security numbers was reported as '
'impacted.',
'impact': {'data_compromised': ['Card account numbers',
'Names',
'Expiration dates'],
'identity_theft_risk': 'Low (no SSNs compromised)',
'payment_information_risk': 'High (card details exposed)'},
'references': [{'date_accessed': '2014-03-25',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Attorney General'},
'title': 'American Express Data Breach (2014)',
'type': 'Data Breach'}