Data Breach at American Express

The latest data breach at American Express was an inside job. Card member’s information used to open accounts at other financial institutions.


One of the world‘s leading financial institutions, America Express, becomes a victim of data breach. Who would have thought that one of the insiders will damage the reputation of the company by stealing cardholder’s information just to open accounts at other banks and financial institutions.

Yes! This time it’s an American Express employee under investigation for data breach.

Reportedly, American Express has been sending out alerts concerning the data breach, to card holders whose information was compromised.

As expected from a reputable financial institution, American Express identified and informing its members about their information being accessed by an employee.

Members Information accessed included their full names, address, SSN and credit card details.

Surprisingly, this particular incident was not the ordinary data breach we have reported in the past. This time, it was not related to system hacks and database intrusion.

No security protocols were broken and no malware was involved. This incident in simple words can be closely described as “identity theft” by an employee of American Express, with the intention of opening new accounts at other banks.

AMEX has stated that the person is no longer employed by them and is currently under criminal investigation and provided no further comments. In a statement to BleepingComputer. “We are aware of this issue. Ensuring the security of our customers’ information is our top priority, and we are investigating this matter in close partnership with law enforcement,” American Express told BleepingComputer via email.

Ever since the incident, American Express has been courteously making sincere efforts to provide the clients affected, with professional assistance and incentives. This includes: Free credit monitoring via Experian Identity Works. The process requires a notification from AMEX with an activation code to properly authenticate the registration.