The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company Inc.** in February 2013, originating from an incident on **December 30, 2011**. The breach exposed **Cardmember account numbers, names, and expiration dates**, though **Social Security numbers remained uncompromised**. The exact number of impacted individuals was not disclosed, leaving the scale of exposure uncertain.The exposed data—primarily financial in nature—poses risks such as **fraudulent transactions, identity theft (limited to payment card details), and potential reputational harm** to both customers and the company. While no direct financial losses or systemic disruptions were reported, the breach underscores vulnerabilities in **payment card security protocols**, raising concerns over **customer trust erosion** and **regulatory scrutiny**. The absence of Social Security numbers mitigates severe identity theft risks, but the exposure of **payment card details** still aligns with financial-reputation threats typical of targeted cyber incidents in the financial sector.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-38813
TPRM report: https://www.rankiteo.com/company/american-express
"id": "ame954091725",
"linkid": "american-express",
"type": "Breach",
"date": "12/2011",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Financial Services',
'location': 'United States (California)',
'name': 'American Express Travel Related Services '
'Company Inc.',
'type': 'Corporation'}],
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names'],
'sensitivity_of_data': 'High (payment card details)',
'type_of_data_compromised': ['Cardmember account numbers',
'names',
'expiration dates']},
'date_detected': '2011-12-30',
'date_publicly_disclosed': '2013-02-05',
'description': 'The California Office of the Attorney General reported a data '
'breach involving American Express Travel Related Services '
'Company Inc. on February 5, 2013. The breach occurred on '
'December 30, 2011, potentially affecting Cardmember account '
'numbers, names, and expiration dates, but not Social Security '
'numbers. The number of affected individuals is unknown.',
'impact': {'data_compromised': ['Cardmember account numbers',
'names',
'expiration dates'],
'identity_theft_risk': 'Low (no Social Security numbers '
'compromised)',
'payment_information_risk': 'High (account numbers and expiration '
'dates exposed)'},
'references': [{'date_accessed': '2013-02-05',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'American Express Data Breach (2011-2013)',
'type': 'Data Breach'}