After a survey conducted by the authorities, it was discovered that cardholder information American Express, were exposed to unauthorized persons.
The circumstances that led to the finding of the data and how it came to the hands of third parties have not been revealed. Also, American Express may have helped during the investigation, but that is not entirely clear.
On the other hand, it is certain that at least 500 people in California were affected by the incident. All affected people will receive a letter of information if they have not already received, as required by California law.
The information recovered during the investigation may include the American Express card account number, the card holder's name, and the expiry date and the Social Security Number (SSN).
SSN and its owner's name are sufficient data for cybercriminals to make a profit from tax returns in the name of the victim.
Its elements card may be stolen by sellers and online dealers, but the transaction with them does not require the social security number. So, it seems more likely that a phishing attack has been used to steal the data.
The letter is signed by Stefanie Wulwick, Chief Privacy Officer of American Express, and informs the recipient that the company has not registered any unauthorized activity that could be related to the incident.
American Express has already taken formal steps to limit the risk of the incident. In addition to this, the company has applied additional monitoring fraud on the card and says an alert should be issued in the case of suspicious activity.
The recipients of the letter are not responsible for any malicious charges in their account. They are also given a one-year free membership in identity protection services.
Despite the precautionary measures, the company recommends that people keep watch and watch their 12 accounts for 24 months in order to locate an identifiable identity theft at an early stage.