American Express
Company Details
Linkedin ID:
american-express
Website:
Employees number:
79,764
Number of followers:
2,809,257
NAICS:
52
Industry Type:
Homepage:
americanexpress.com
IP Addresses:
0
Company ID:
AME_2856520
Scan Status:
In-progress
American Express Company CyberSecurity Posture
americanexpress.com
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly striving to uphold our powerful backing promise to our customers and each other every day. These beliefs have been our North Star for 170 years as our business transformed – from helping evacuate travelers during World Wars, to ensuring the safety of our customers’ funds during the Great Depression in the U.S., to creating the Shop Small® movement to help small businesses recover from the Financial Crisis, to providing aid to communities impacted by many natural disasters and so much more. For generations, the key to our success has been the determination and resilience of our American Express colleagues. Now, as a globally integrated payments company, we work together to provide customers with access to products, insights and world-class experiences that enrich lives and build business success. Join us and let’s lead the way together. Learn more about us at: https://www.americanexpress.com/careers https://www.americanexpress.com/ https://www.facebook.com/AmericanExpressUS https://www.instagram.com/americanexpress/ https://twitter.com/americanexpress https://www.youtube.com/user/AmericanExpress See our community guidelines at: https://www.americanexpress.com/en-us/company/community-guidelines/ If you have a customer service issue or question, please visit www.americanexpress.com/contactus
American Express A.I CyberSecurity Scoring
American Express Risk Score (AI oriented)Between 650 and 699
American Express
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
American Express Global Score (TPRM)XXXX
American Express
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
American Express Company CyberSecurity News & History
Past Incidents
64
Attack Types
2
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On March 10, 2016, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred on December 7, 2013, and compromised account information of some cardholders, including card numbers and names.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 25, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach wherein American Express Card information, including account numbers and names, was recovered during a law enforcement investigation. The specific date of the breach is not available, and no Social Security numbers were compromised.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on January 16, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach that occurred on November 1, 2012. The breach potentially involved unauthorized access to data files containing American Express Card account numbers, names, and other card information, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on January 7, 2014, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach involving the recovery of American Express Card information. The breach included card account numbers and names but did not compromise Social Security numbers, and no specific number of individuals affected was provided.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 12, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach resulting in the recovery of American Express Card information, including account numbers, names, and expiration dates. Social Security numbers were not impacted, and there was no indication of unauthorized activity.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on March 1, 2013, that American Express experienced a data breach involving its Cardmembers' information being recovered during a law enforcement investigation. The breach reportedly included American Express Card account numbers and names, but did not compromise Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on October 10, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach involving American Express Card information. The affected data included Card account numbers, names, and expiration dates, but Social Security numbers were not compromised; the specific number of individuals affected is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on April 9, 2013, which was reported on May 2, 2013. The breach involved the recovery of American Express Card information, including account numbers and names, but Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on June 2, 2014. The breach, reported on January 28, 2016, potentially compromised account information of an unknown number of Card Members. The compromised data included card numbers, names, and expiration dates. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 3, 2012. The breach involved unauthorized access to a merchant's website files which potentially exposed American Express Card account numbers, names, and other card information, affecting an unspecified number of individuals.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach on March 22, 2015, affecting American Express Travel Related Services Company, Inc. The breach involved unauthorized access to a third-party service provider's system, compromising Card Members' account information. The incident was reported on January 7, 2016, but the exact number of individuals affected was not disclosed.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on May 21, 2012. The breach potentially exposed American Express Card account numbers, names, and expiration dates, affecting an unknown number of individuals. However, Social Security numbers were not compromised.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on November 6, 2012. The breach, which occurred on November 6, 2011, affected potentially compromised American Express Card account information. Card account numbers and card expiration dates were impacted, but Social Security numbers were not compromised. The specific number of affected individuals remains unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On September 23, 2013, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. (referred to as AXP). The incident involved the recovery of American Express Card account information, including card numbers and expiration dates; however, Social Security numbers were not affected. The breach date is not available.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on December 12, 2013, that American Express Travel Related Services Company, Inc. experienced a data breach on May 28, 2013, involving unauthorized access to a merchant's website files. The breach potentially exposed American Express Card account numbers and names, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach affecting American Express Travel Related Services Company, Inc. and/or its Affiliates on August 27, 2013. The breach occurred on January 17, 2012, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers and other card information. The number of affected individuals is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 21, 2015, that American Express Travel Related Services Company, Inc. experienced a data breach on February 15, 2011, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other Card information. The breach did not impact Social Security numbers or show any unauthorized activity on the affected accounts.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on March 13, 2011, which was reported on August 7, 2014. The breach involved unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other card information, but not Social Security numbers. The number of individuals affected is not specified.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 28, 2015. The breach involved a merchant theft that potentially exposed American Express Card account numbers, names, and Card information, but did not compromise Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach concerning American Express Travel Related Services Company, Inc. on March 25, 2013. The recovered data included American Express Card information, although specific details regarding the number of affected individuals and the method of breach were not available.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on January 26, 2016. The breach occurred on September 23, 2015, affecting certain Card Members' account information, including account numbers and names. The specific number of individuals affected is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on July 3, 2013. The breach involved the recovery of American Express Card information, including account numbers, names, and Social Security numbers, although the breach date was not specified.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 27, 2014. The breach is related to the recovery of American Express Card information, but the exact method of the breach and the number of individuals affected is unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on December 12, 2012. The breach occurred on November 1, 2010, and resulted in unauthorized access to a merchant's website, potentially compromising American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on January 20, 2015, with the breach reported on July 24, 2015. The breach involved unauthorized access to a merchant's data files, affecting cardholder information such as cancelled card numbers and names, but no Social Security numbers were impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving the American Express Travel Related Services Company, Inc. on September 13, 2012. The breach occurred on April 2, 2012, involving unauthorized access to a merchant's data files, exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of individuals affected is unknown.
American Express Travel Related Services Company, Inc
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on October 1, 2014. The breach occurred on June 13, 2013, and involved unauthorized access to a merchant's website files, compromising American Express card account numbers, names, and other card information, but not Social Security numbers. The number of affected individuals is unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The data breach reported by the Massachusetts Office of Consumer Affairs and Business Regulation on July 7, 2020, involved American Express Travel Related Services Company, Inc. The breach affected 1 resident and included compromised electronic records such as credit and debit numbers. This incident highlights the vulnerability of financial information in electronic systems and the potential risks associated with data breaches.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On September 8, 2015, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred on December 30, 2014, and unauthorized access involved the card account number, name, and other card information of affected individuals. The specific number of individuals affected is unknown, but Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on April 4, 2013. The breach occurred on January 17, 2013, and potentially exposed American Express Card account numbers, names, and expiration dates; however, Social Security numbers were not impacted. The number of individuals affected is currently unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 27, 2016. The breach occurred on April 23, 2015, due to unauthorized access to a third-party service provider, potentially compromising the account information of some Card Members, including names and card numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 26, 2015. The breach occurred on April 12, 2014, due to unauthorized access to a merchant's website, potentially exposing Cardmembers' American Express Card account numbers, names, and other card information, while Social Security numbers were not affected.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 22, 2015. The breach involved unauthorized access to a payment processing system, leading to potential access of account information for some Card Members, including names and addresses, but not Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 19, 2013. The breach occurred on February 1, 2013, and involved unauthorized access to data files that included Card account numbers and holder names, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on August 14, 2012. The breach occurred on March 2, 2012, due to unauthorized access to merchant data files potentially exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates (AXP) on November 30, 2012. The recovered data reportedly included American Express Card account numbers, names, expiration dates, and Social Security numbers, but the exact number of individuals affected and the specific method of the breach are unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on December 29, 2013. The breach involved the recovery of American Express Card account information, specifically card numbers and names, but Social Security numbers were not impacted. The exact number of affected individuals is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on September 5, 2012. The affected data included American Express Card account numbers, names, and expiration dates, but the specific date of the breach is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on December 19, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach on July 11, 2011. The incident involved unauthorized access to a merchant's website which potentially exposed American Express Card account numbers and names, although Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on November 20, 2012, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach on August 3, 2012, involving unauthorized access to a merchant's website. The affected data files may have included American Express Card account numbers, names, and expiration dates, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: In May 2008, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant’s data files. The incident, reported by the California Office of the Attorney General on November 12, 2015, exposed American Express Card account numbers and related transaction details. While the breach did not compromise Social Security numbers, the exact number of affected individuals remains undisclosed. The unauthorized access suggests a failure in securing third-party merchant systems, potentially allowing attackers to harvest payment card information. Such breaches often lead to financial fraud risks for cardholders, including unauthorized transactions or identity theft attempts. The delayed disclosure (over seven years later) further highlights gaps in incident response and regulatory compliance. Although no direct evidence of misuse was reported, the exposure of card data alone poses significant reputational and operational risks for American Express, eroding customer trust and potentially incurring regulatory penalties.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company Inc.** in February 2013, originating from an incident on **December 30, 2011**. The breach exposed **Cardmember account numbers, names, and expiration dates**, though **Social Security numbers remained uncompromised**. The exact number of impacted individuals was not disclosed, leaving the scale of exposure uncertain.The exposed data—primarily financial in nature—poses risks such as **fraudulent transactions, identity theft (limited to payment card details), and potential reputational harm** to both customers and the company. While no direct financial losses or systemic disruptions were reported, the breach underscores vulnerabilities in **payment card security protocols**, raising concerns over **customer trust erosion** and **regulatory scrutiny**. The absence of Social Security numbers mitigates severe identity theft risks, but the exposure of **payment card details** still aligns with financial-reputation threats typical of targeted cyber incidents in the financial sector.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** in May 2014. The incident involved the unauthorized exposure of **American Express Card account information**, specifically **card account numbers and expiration dates**. However, **Social Security numbers remained unaffected**, and the exact timeline of the breach, along with the number of impacted individuals, was not publicly disclosed. While the breach did not result in the compromise of highly sensitive personal identifiers (e.g., Social Security numbers), the exposure of **payment card details** poses risks such as **potential fraudulent transactions, phishing attempts, or identity theft targeting cardholders**. Financial institutions and affected customers would likely face **reputational concerns**, increased scrutiny over security protocols, and possible **financial losses** due to fraudulent activities linked to the exposed data. The breach underscores vulnerabilities in payment system protections, though the absence of broader personal data (e.g., SSNs) limits the severity compared to more extensive leaks.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On August 24, 2012, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant's website. The incident, reported by the California Office of the Attorney General on February 19, 2013, resulted in the compromise of American Express Card account numbers, cardholder names, and other payment-related details. However, Social Security numbers were not affected, and the exact number of impacted individuals remains undisclosed. The breach stemmed from a vulnerability in the merchant’s system, allowing attackers to exploit weaknesses and gain access to sensitive cardholder data. While the exposed information could potentially facilitate fraudulent transactions or identity theft, the absence of Social Security numbers or broader personal identifiers limited the severity of the long-term consequences. American Express likely initiated containment measures, including notifying affected customers and collaborating with law enforcement to mitigate risks. The incident underscores the persistent threats posed by cybercriminals targeting payment systems, emphasizing the need for robust security protocols across third-party vendors.
American Express Travel Related Services Company, Inc
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express** in January 2016, stemming from an incident in **November 2014**. The breach involved unauthorized access to a **third-party service provider’s system**, exposing sensitive customer data. Compromised information included **American Express Card account numbers, cardholder names, and other card-related details** of certain Card Members. While the exact scale of the breach was not specified, the exposure of financial data posed risks of fraud, identity theft, and reputational harm to affected customers. The incident highlighted vulnerabilities in third-party vendor security, raising concerns about supply chain risks in payment processing ecosystems. American Express likely faced regulatory scrutiny, potential financial liabilities, and erosion of customer trust due to the exposure of payment card information.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: In December 2014, the California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** The incident involved unauthorized access to a merchant’s data files, potentially exposing **American Express Card account numbers and associated card details**. While the breach compromised payment-related information, it did **not** include more sensitive data such as **Social Security numbers**. The exposure primarily impacted financial transaction data, raising concerns over potential fraudulent activity linked to the compromised card details. Although no evidence of misuse was immediately reported, the breach posed risks to cardholders, including unauthorized transactions or identity fraud attempts tied to the exposed payment information. The incident highlighted vulnerabilities in third-party merchant systems handling American Express card data, prompting notifications to affected individuals and regulatory scrutiny.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on April 1, 2014. The breach involved the recovery of American Express Card information, including account numbers and names, but not Social Security numbers. The specific number of individuals affected is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on September 24, 2014. The breach exposed American Express Card information, but it was confirmed that Social Security numbers were not impacted. This incident highlights the vulnerability of financial information in cyber attacks, emphasizing the need for robust security measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 15, 2015. Unauthorized access to a merchant's website files potentially affected American Express Card account numbers and other card information, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on February 2, 2012. The breach involved unauthorized access to data files, exposing Card account numbers, names, and expiration dates. Social Security numbers were not impacted. The number of individuals affected is unknown. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on December 19, 2012, involving unauthorized access to a merchant's website. Approximately UNKN individuals were potentially affected, with the compromised data including American Express Card account numbers and names, but not Social Security numbers.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach at American Express Company on November 2, 2014. The breach, reported on May 1, 2015, compromised customer account information, including names, card account numbers, and card expiration dates. Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On December 4, 2013, the California Office of the Attorney General reported a breach by American Express Travel Related Services Company, Inc and/or its Affiliates (AXP), which occurred on February 10, 2013. The breach involved unauthorized access to a merchant's data files, exposing American Express Card account numbers and other card information of customers, but not Social Security numbers. The number of individuals affected is currently unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On September 25, 2015, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred on May 19, 2014, and unauthorized access to customer data files was detected, potentially exposing American Express Card account numbers and other related information. No Social Security numbers were impacted, and no fraudulent activity has been detected on affected accounts.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data security incident involving American Express Travel Related Services Company, Inc and/or its Affiliates. The incident involved the potential illegal acquisition of personal and account information of Card Members. The report was issued on November 7, 2014, but specifics regarding the exact number of affected individuals and the breach date are unknown.
American Express National Bank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: American Express National Bank experienced a data breach on **February 19, 2025**, resulting in the **inadvertent exposure of personal information** to an unauthorized third party. While the exact nature of the compromised data remains undisclosed, the incident suggests a failure in security protocols that allowed sensitive customer or employee information to be accessed without authorization. Such breaches typically raise concerns over **identity theft, financial fraud, or reputational damage**, depending on the scope of the exposed data. The lack of clarity on the specific types of information leaked (e.g., financial records, personally identifiable information, or internal documents) complicates risk assessment, but the breach inherently signals **operational vulnerabilities** within the bank’s cybersecurity framework. Customers may face heightened scrutiny over potential misuse of their data, while the bank could encounter **regulatory penalties, loss of trust, and financial liabilities** tied to remediation efforts. The incident underscores the critical need for robust data protection measures, particularly in financial institutions handling high volumes of sensitive transactions.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 23, 2013. The breach occurred on January 15, 2013, and involved unauthorized access to a payment processing service, potentially exposing account information of some Cardmembers including names, card numbers, expiration dates, and security codes, although Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on February 23, 2016. The breach involved illegally obtained personal and account information that may have included Card Members' account numbers and personal details; however, the exact information compromised is currently unknown.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 27, 2015. The breach occurred on February 1, 2015, involving unauthorized access to a payment processing system, potentially affecting account information of Cardmembers, including names and Card account numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 6, 2014. The breach occurred on July 6, 2013 and involved unauthorized access to merchant data files, affecting customer American Express Card numbers and other card information, although Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach by American Express Travel Related Services Company, Inc. on January 7, 2016. The breach occurred on October 18, 2014, involving unauthorized access to merchant data files that potentially included customer names, American Express Card account numbers, and expiration dates. The exact number of affected individuals and other specific details are unknown.
American Express
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: An unknown hacker leaked the personal data of about 10,000 American Express credit cardholders. The leaked data include account numbers, names, full addresses, phone numbers, date of birth, gender, and other personally identifiable information. Amex immediately took action and alerted the affected customers to be alerted for any fraudulent activities.
American Express
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: American Express is alerting customers to the possibility that a security compromise at a third-party service provider has exposed their payment card information. American Express claims that hackers may have taken data connected to cards that were issued in the past or are now in use. Account numbers, names, and expiration dates are among the pieces of information that were obtained by unauthorised individuals. The business clarifies that this event did not affect any systems owned or controlled by American Express, and that this alert is being sent merely as a precaution. American Express emphasised that the incident had no effect on its financial systems and that it continues to monitor fraudulent activity that could potentially harm cardholders in order to prevent exploitation.
American Express Travel Related Services Company
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company on November 18, 2022. The breach occurred on July 26, 2022, when a third-party service provider was victimized by a cyber attack, potentially impacting customer information, though specific details about the compromised data are unknown.
American Express Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for American Express
Incidents vs Financial Services Industry Average (This Year)
American Express has 28.21% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
American Express has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types American Express vs Financial Services Industry Avg (This Year)
American Express reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — American Express (X = Date, Y = Severity)
American Express cyber incidents detection timeline including parent company and subsidiaries
American Express Company Subsidiaries
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly striving to uphold our powerful backing promise to our customers and each other every day. These beliefs have been our North Star for 170 years as our business transformed – from helping evacuate travelers during World Wars, to ensuring the safety of our customers’ funds during the Great Depression in the U.S., to creating the Shop Small® movement to help small businesses recover from the Financial Crisis, to providing aid to communities impacted by many natural disasters and so much more. For generations, the key to our success has been the determination and resilience of our American Express colleagues. Now, as a globally integrated payments company, we work together to provide customers with access to products, insights and world-class experiences that enrich lives and build business success. Join us and let’s lead the way together. Learn more about us at: https://www.americanexpress.com/careers https://www.americanexpress.com/ https://www.facebook.com/AmericanExpressUS https://www.instagram.com/americanexpress/ https://twitter.com/americanexpress https://www.youtube.com/user/AmericanExpress See our community guidelines at: https://www.americanexpress.com/en-us/company/community-guidelines/ If you have a customer service issue or question, please visit www.americanexpress.com/contactus
Loading...
American Express Similar Companies
MassMutual
Living mutual has always been at the core of our human existence, and it's the principle that's guided us since our founding in 1851. It's not a concept we invented, but one we champion for the simple reason that people take it for granted today. While the world would have us strive for independenc
Charles Schwab
Charles Schwab is a different kind of investment services firm – one that strives to disrupt the status quo of the traditional Wall Street approach on behalf of our clients. We believe today, as we did on Day 1, that when you find ways to improve the investing experience for your clients, then busin
LOLC Holdings PLC
A formidable global conglomerate, LOLC Holdings has strategically diversified into key economic growth sectors across financial services, leisure, agriculture and plantations, construction and real estate, manufacturing and trading, technology, research and innovation and strategic investments. The
Transamerica
Longer lifespans are changing the way we exist. Instead of the traditional stages of learn, work, and retire, we now have the potential for a more fulfilling, multi-stage life. With this opportunity comes the need to plan for it. We enable financial professionals, brokers, agents, advisors, and empl
Grupo Salinas
Grupo Salinas es un conjunto de empresas dinámicas, que se caracterizan por la evolución constante y la innovación, enfocadas en la creación de valor económico, social y ambiental. Estamos en industrias diversas como comercio especializado, servicios financieros, telecomunicaciones y medios de com
NN Group
NN Group is an international financial services company, active in 10 countries, with a strong presence in a number of European countries and Japan. Our roots lie in the Netherlands, with a rich history of more than 175 years. With our 16,000 employees, NN Group provides retirement services, pensio
Otkritie
OTKRITIE Financial Corporation is one of the most dynamic and fastest growing investment banks in Russia. The company has been operating on the stock market as a broker, asset manager, financial advisor and investment bank since 1995. OTKRITIE FC has become a trusted partner for many Russian and int
Barclays
Barclays is a British universal bank. Our vision is to be the UK-centred leader in global finance. We are a diversified bank with comprehensive UK consumer, corporate and wealth and private banking franchises, a leading investment bank and a strong, specialist US consumer bank. Through these five di
From gaining new experiences in different roles to acquiring fresh knowledge and skills – at UBS we believe that you should never stop growing and learning because life never stops teaching. We know that it's our people – with their unique backgrounds, skills, experience levels and interests – who d
.png)
American Express CyberSecurity News
October 18, 2025 07:00 AM
Inside one man’s mission to reveal the truth about American Express
Smith complained internally and even reached out to Amex's individual lawyers on LinkedIn, desperate to draw their attention to what he...
October 15, 2025 07:00 AM
‘Sensitive personal information’: Leaked report reveals American Express security failures
The privacy watchdog wants American Express to overhaul its technology systems after a lengthy investigation found they were exposed to...
October 06, 2025 07:00 AM
Hackers steal sensitive Red Hat customer data after breaching GitLab repository
Walmart, American Express and HSBC are among the companies that have had sensitive data exposed.
October 03, 2025 07:00 AM
Red Hat GitLab Data Breach: The Crimson Collective's Attack
This breach exposed 570GB of data from 28000 repositories, affecting 800+ organizations. Crimson Collective leaked Customer Engagement...
September 15, 2025 07:00 AM
American Express Launches Blockchain “Travel Stamps” to Enrich Digital Journeys
American Express has taken a significant step into the blockchain space with the launch of its new digital “travel stamps” — a novel feature...
July 24, 2025 07:00 AM
American Express Company (AXP):”You Could Have Estimates Go Up And Up That You End Up With” Amex, Says Jim Cramer
American Express Company (NYSE:AXP) is a major travel and payments firm in America.
July 17, 2025 07:00 AM
American Express’s AI Strategy: Analysis of AI Dominance in Financial Services
American Express's AI strategy builds dominance by leveraging its closed-loop network to generate proprietary transaction intelligence at...
June 16, 2025 07:00 AM
HUB Cyber Security Appoints Former PayPal and American Express Executive Paul Parisi as its Global Chief Revenue Officer
TEL AVIV, Israel, June 16, 2025 (GLOBE NEWSWIRE) -- HUB Cyber Security Ltd. (Nasdaq: HUBC) (“HUB” or the “Company”), a global leader in zero-...
June 16, 2025 07:00 AM
Former PayPal, Amex Executive Who Doubled Canadian Revenue Takes Global CRO Role at HUB Security
PayPal Canada's former president brings 25-year track record of scaling institutional platforms to lead HUB's North American expansion.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
American Express CyberSecurity History Information
Official Website of American Express
The official website of American Express is https://www.americanexpress.com/.
American Express’s AI-Generated Cybersecurity Score
According to Rankiteo, American Express’s AI-generated cybersecurity score is 675, reflecting their Weak security posture.
How many security badges does American Express’ have ?
According to Rankiteo, American Express currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does American Express have SOC 2 Type 1 certification ?
According to Rankiteo, American Express is not certified under SOC 2 Type 1.
Does American Express have SOC 2 Type 2 certification ?
According to Rankiteo, American Express does not hold a SOC 2 Type 2 certification.
Does American Express comply with GDPR ?
According to Rankiteo, American Express is not listed as GDPR compliant.
Does American Express have PCI DSS certification ?
According to Rankiteo, American Express does not currently maintain PCI DSS compliance.
Does American Express comply with HIPAA ?
According to Rankiteo, American Express is not compliant with HIPAA regulations.
Does American Express have ISO 27001 certification ?
According to Rankiteo,American Express is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of American Express
American Express operates primarily in the Financial Services industry.
Number of Employees at American Express
American Express employs approximately 79,764 people worldwide.
Subsidiaries Owned by American Express
American Express presently has no subsidiaries across any sectors.
American Express’s LinkedIn Followers
American Express’s official LinkedIn profile has approximately 2,809,257 followers.
NAICS Classification of American Express
American Express is classified under the NAICS code 52, which corresponds to Finance and Insurance.
American Express’s Presence on Crunchbase
No, American Express does not have a profile on Crunchbase.
American Express’s Presence on LinkedIn
Yes, American Express maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/american-express.
Cybersecurity Incidents Involving American Express
As of November 27, 2025, Rankiteo reports that American Express has experienced 64 cybersecurity incidents.
Number of Peer and Competitor Companies
American Express has an estimated 29,513 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at American Express ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does American Express detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with alerted affected customers to monitor for fraudulent activities, and communication strategy with alerting customers as a precaution, and enhanced monitoring with continuous monitoring for fraudulent activity, and and and law enforcement notified with yes (california office of the attorney general), and law enforcement notified with yes (california attorney general), and communication strategy with public disclosure via california office of the attorney general, and communication strategy with public disclosure via california office of the attorney general, and law enforcement notified with yes (california office of the attorney general), and communication strategy with notification letters sent to affected parties..
Incident Details
Can you provide details on each incident ?
Title: American Express Data Leak
Description: An unknown hacker leaked the personal data of about 10,000 American Express credit cardholders. The leaked data include account numbers, names, full addresses, phone numbers, date of birth, gender, and other personally identifiable information. Amex immediately took action and alerted the affected customers to be alerted for any fraudulent activities.
Type: Data Breach
Attack Vector: Unknown
Threat Actor: Unknown Hacker
Title: American Express Data Breach
Description: American Express is alerting customers to the possibility that a security compromise at a third-party service provider has exposed their payment card information.
Type: Data Breach
Attack Vector: Third-party service provider compromise
Threat Actor: Unauthorized individuals
Title: American Express Travel Related Services Company, Inc. Data Breach
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach on July 7, 2020, involving American Express Travel Related Services Company, Inc. The breach affected 1 resident and involved compromised electronic records including credit and debit numbers.
Date Publicly Disclosed: 2020-07-07
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on January 26, 2016. The breach occurred on September 23, 2015, affecting certain Card Members' account information, including account numbers and names. The specific number of individuals affected is unknown.
Date Detected: 2016-01-26
Date Publicly Disclosed: 2016-01-26
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach concerning American Express Travel Related Services Company, Inc. on March 25, 2013. The recovered data included American Express Card information, although specific details regarding the number of affected individuals and the method of breach were not available.
Date Publicly Disclosed: 2013-03-25
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to merchant data files that potentially included customer names, American Express Card account numbers, and expiration dates.
Date Detected: 2016-01-07
Date Publicly Disclosed: 2016-01-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a payment processing service, potentially exposing account information of some Cardmembers including names, card numbers, expiration dates, and security codes.
Date Detected: 2013-01-15
Date Publicly Disclosed: 2013-08-23
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on March 1, 2013, that American Express experienced a data breach involving its Cardmembers' information being recovered during a law enforcement investigation. The breach reportedly included American Express Card account numbers and names, but did not compromise Social Security numbers.
Date Detected: 2013-03-01
Date Publicly Disclosed: 2013-03-01
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to data files exposing Card account numbers, names, and expiration dates.
Date Detected: 2012-02-02
Date Publicly Disclosed: 2012-09-11
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on July 12, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach resulting in the recovery of American Express Card information, including account numbers, names, and expiration dates. Social Security numbers were not impacted, and there was no indication of unauthorized activity.
Date Detected: 2012-07-12
Date Publicly Disclosed: 2012-07-12
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates (AXP) on November 30, 2012. The recovered data reportedly included American Express Card account numbers, names, expiration dates, and Social Security numbers, but the exact number of individuals affected and the specific method of the breach are unknown.
Date Detected: 2012-11-30
Date Publicly Disclosed: 2012-11-30
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on January 16, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach that occurred on November 1, 2012. The breach potentially involved unauthorized access to data files containing American Express Card account numbers, names, and other card information, but Social Security numbers were not impacted.
Date Detected: 2014-01-16
Date Publicly Disclosed: 2014-01-16
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 27, 2014. The breach is related to the recovery of American Express Card information, but the exact method of the breach and the number of individuals affected is unknown.
Date Detected: 2014-08-27
Date Publicly Disclosed: 2014-08-27
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on September 24, 2014. The notification letter indicated that the breach involved exposure of American Express Card information but confirmed that Social Security numbers were not impacted.
Date Detected: 2014-09-24
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a payment processing system, potentially affecting account information of Cardmembers, including names and Card account numbers.
Date Detected: 2015-07-27
Date Publicly Disclosed: 2015-07-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other Card information.
Date Detected: 2011-02-15
Date Publicly Disclosed: 2015-07-21
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Security Incident
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data security incident involving the potential illegal acquisition of personal and account information of Card Members.
Date Publicly Disclosed: 2014-11-07
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on April 4, 2013. The breach occurred on January 17, 2013, and potentially exposed American Express Card account numbers, names, and expiration dates; however, Social Security numbers were not impacted. The number of individuals affected is currently unknown.
Date Detected: 2013-01-17
Date Publicly Disclosed: 2013-04-04
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's data files, exposing American Express Card account numbers, names, and expiration dates.
Date Detected: 2012-04-02
Date Publicly Disclosed: 2012-09-13
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 2, 2014, which potentially compromised account information of an unknown number of Card Members. The breach was reported on January 28, 2016, and involved compromised card numbers, names, and expiration dates.
Date Detected: 2014-06-02
Date Publicly Disclosed: 2016-01-28
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to merchant data files affecting American Express Card numbers and other card information.
Date Detected: 2014-08-06
Date Publicly Disclosed: 2014-08-06
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 3, 2012. The breach involved unauthorized access to a merchant's website files which potentially exposed American Express Card account numbers, names, and other card information, affecting an unspecified number of individuals.
Date Detected: 2012-06-03
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company on November 18, 2022. The breach occurred on July 26, 2022, when a third-party service provider was victimized by a cyber attack, potentially impacting customer information, though specific details about the compromised data are unknown.
Date Detected: 2022-07-26
Date Publicly Disclosed: 2022-11-18
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a payment processing system, potentially exposing account information for some Card Members, including names and addresses, but not Social Security numbers.
Date Publicly Disclosed: 2015-07-22
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website files potentially exposed American Express Card account numbers and names.
Date Detected: 2013-05-28
Date Publicly Disclosed: 2013-12-12
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on April 1, 2014. The breach involved the recovery of American Express Card information, including account numbers and names, but not Social Security numbers. The specific number of individuals affected is unknown.
Date Detected: 2014-04-01
Date Publicly Disclosed: 2014-04-01
Type: Data Breach
Title: American Express Data Breach
Description: The incident involved the recovery of American Express Card account information, including card numbers and expiration dates; however, Social Security numbers were not affected.
Date Publicly Disclosed: 2013-09-23
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's data files, affecting cardholder information such as cancelled card numbers and names, but no Social Security numbers were impacted.
Date Detected: 2015-01-20
Date Publicly Disclosed: 2015-07-24
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on July 3, 2013. The breach involved the recovery of American Express Card information, including account numbers, names, and Social Security numbers, although the breach date was not specified.
Date Publicly Disclosed: 2013-07-03
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on April 9, 2013, which was reported on May 2, 2013. The breach involved the recovery of American Express Card information, including account numbers and names, but Social Security numbers were not impacted.
Date Detected: 2013-04-09
Date Publicly Disclosed: 2013-05-02
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on January 7, 2014, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach involving the recovery of American Express Card information. The breach included card account numbers and names but did not compromise Social Security numbers, and no specific number of individuals affected was provided.
Date Publicly Disclosed: 2014-01-07
Type: Data Breach
Title: American Express Data Breach
Description: Unauthorized access to a merchant's data files, exposing American Express Card account numbers and other card information of customers.
Date Detected: 2013-12-04
Date Publicly Disclosed: 2013-12-04
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on October 10, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach involving American Express Card information. The affected data included Card account numbers, names, and expiration dates, but Social Security numbers were not compromised; the specific number of individuals affected is unknown.
Date Publicly Disclosed: 2012-10-10
Type: Data Breach
Title: American Express Data Breach
Description: A data breach involving American Express Travel Related Services Company, Inc. compromised account information of some cardholders, including card numbers and names.
Date Detected: 2016-03-10
Date Publicly Disclosed: 2016-03-10
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a merchant's website potentially exposed Cardmembers' American Express Card account numbers, names, and other card information.
Date Detected: 2014-04-12
Date Publicly Disclosed: 2015-08-26
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on November 6, 2012, affecting potentially compromised American Express Card account information. The breach occurred on November 6, 2011, and while card account numbers and card expiration dates were impacted, Social Security numbers were not compromised. The specific number of affected individuals remains unknown.
Date Detected: 2012-11-06
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to merchant data files potentially exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers.
Date Detected: 2012-08-14
Date Publicly Disclosed: 2012-08-14
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on March 22, 2015, which affected Card Members' account information. The breach was reported on January 7, 2016, and involved unauthorized access to a third-party service provider's system, but specifics about the number of individuals affected were not provided.
Date Detected: 2015-03-22
Date Publicly Disclosed: 2016-01-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on February 23, 2016. The breach involved illegally obtained personal and account information that may have included Card Members' account numbers and personal details; however, the exact information compromised is currently unknown.
Date Detected: 2016-02-23
Date Publicly Disclosed: 2016-02-23
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to data files that included Card account numbers and holder names, but Social Security numbers were not impacted.
Date Detected: 2013-02-01
Date Publicly Disclosed: 2013-07-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on December 29, 2013. The breach involved the recovery of American Express Card account information, specifically card numbers and names, but Social Security numbers were not impacted. The exact number of affected individuals is unknown.
Date Detected: 2013-12-29
Date Publicly Disclosed: 2013-12-29
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: A data breach involving American Express Travel Related Services Company, Inc. occurred on December 30, 2014, compromising card account numbers, names, and other card information of affected individuals.
Date Detected: 2014-12-30
Date Publicly Disclosed: 2015-09-08
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 27, 2016. The breach occurred on April 23, 2015, due to unauthorized access to a third-party service provider, potentially compromising the account information of some Card Members, including names and card numbers.
Date Detected: 2016-01-27
Date Publicly Disclosed: 2016-01-27
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Third-party service provider
Title: American Express Travel Related Services Company Data Breach
Description: A data breach involving American Express Travel Related Services Company, Inc. was reported by the California Office of the Attorney General on August 28, 2015. The breach involved a merchant theft that potentially exposed American Express Card account numbers, names, and Card information, but did not compromise Social Security numbers.
Date Publicly Disclosed: 2015-08-28
Type: Data Breach
Attack Vector: Merchant Theft
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's website files compromising American Express card account numbers, names, and other card information.
Date Detected: 2014-10-01
Date Publicly Disclosed: 2014-10-01
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other card information, but not Social Security numbers.
Date Detected: 2011-03-13
Date Publicly Disclosed: 2014-08-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a merchant's website compromised American Express Card account numbers and names.
Date Detected: 2012-12-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's website files potentially affected American Express Card account numbers and other card information, but Social Security numbers were not impacted.
Date Detected: 2015-01-15
Date Publicly Disclosed: 2015-01-15
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website potentially exposed American Express Card account numbers and names.
Date Detected: 2011-07-11
Date Publicly Disclosed: 2014-12-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on September 5, 2012. The affected data included American Express Card account numbers, names, and expiration dates, but the specific date of the breach is unknown.
Date Publicly Disclosed: 2012-09-05
Type: Data Breach
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers and other card information.
Date Detected: 2012-01-17
Date Publicly Disclosed: 2013-08-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on May 21, 2012. The breach potentially exposed American Express Card account numbers, names, and expiration dates, affecting an unknown number of individuals. However, Social Security numbers were not compromised.
Date Detected: 2012-05-21
Type: Data Breach
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website resulting in a data breach involving American Express Card account numbers, names, and expiration dates.
Date Detected: 2012-08-03
Date Publicly Disclosed: 2012-11-20
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to customer data files was detected, potentially exposing American Express Card account numbers and other related information.
Date Detected: 2014-05-19
Date Publicly Disclosed: 2015-09-25
Type: Data Breach
Title: American Express Data Breach
Description: American Express Travel Related Services Company, Inc. experienced a data breach wherein American Express Card information, including account numbers and names, was recovered during a law enforcement investigation.
Date Publicly Disclosed: 2014-07-25
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Company experienced a data breach on November 2, 2014, affecting customer account information. The breach notification was reported on May 1, 2015, with compromised information potentially including customer names, card account numbers, and card expiration dates, while Social Security numbers were not impacted.
Date Detected: 2014-11-02
Date Publicly Disclosed: 2015-05-01
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on December 12, 2012. The breach occurred on November 1, 2010, and resulted in unauthorized access to a merchant's website, potentially compromising American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2012-12-12
Date Publicly Disclosed: 2012-12-12
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express National Bank Data Breach - February 2025
Description: The American Express National Bank reported a data breach involving a security incident that occurred on February 19, 2025, which resulted in the inadvertent disclosure of personal information to an unauthorized third party. The specific types of information compromised are currently unknown.
Type: Data Breach
Title: American Express Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on May 29, 2014. The breach potentially exposed American Express Card account information, including the card account number and expiration date, but Social Security numbers were not impacted. The specific date of the breach and the number of affected individuals are unknown.
Date Publicly Disclosed: 2014-05-29
Type: Data Breach
Title: American Express Data Breach (2011-2013)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company Inc. on February 5, 2013. The breach occurred on December 30, 2011, potentially affecting Cardmember account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2011-12-30
Date Publicly Disclosed: 2013-02-05
Type: Data Breach
Title: American Express Data Breach via Merchant Website (2012)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred due to unauthorized access to a merchant's website, compromising American Express Card account numbers, names, and other card information (excluding Social Security numbers). The number of affected individuals remains unknown.
Date Detected: 2012-08-24
Date Publicly Disclosed: 2013-02-19
Type: data breach
Attack Vector: unauthorized access to third-party merchant website
Title: American Express Data Breach (2008)
Description: The California Office of the Attorney General reported a data breach by American Express Travel Related Services Company, Inc. on November 12, 2015. The breach occurred on May 5, 2008, due to unauthorized access to a merchant's data files, potentially exposing American Express Card account numbers and related information, while Social Security numbers were not impacted. The number of affected individuals is unknown.
Date Detected: 2008-05-05
Date Publicly Disclosed: 2015-11-12
Type: Data Breach
Attack Vector: Unauthorized access to merchant's data files
Title: American Express Data Breach via Third-Party Service Provider
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. and/or its Affiliates. The breach occurred due to unauthorized access to a third-party service provider's system, potentially compromising American Express Card account numbers, names, and card information of some Card Members.
Date Publicly Disclosed: 2016-01-26
Type: Data Breach
Attack Vector: Third-Party Compromise
Title: American Express Merchant Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach incident involving American Express Travel Related Services Company, Inc and/or its Affiliates. Unauthorized access to a merchant's data files may have exposed American Express Card account numbers and Card information, but did not affect Social Security numbers.
Date Publicly Disclosed: 2014-12-19
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party service provider's system.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AME234915422
Data Compromised: Account numbers, Names, Full addresses, Phone numbers, Date of birth, Gender
Incident : Data Breach AME1751261023
Data Compromised: Account numbers, Names, Expiration dates
Payment Information Risk: True
Incident : Data Breach AME637071625
Data Compromised: Credit and debit numbers
Incident : Data Breach AME435072425
Data Compromised: Account numbers, Names
Incident : Data Breach AME734072525
Data Compromised: American express card information
Incident : Data Breach AME844072525
Data Compromised: Customer names, American express card account numbers, Expiration dates
Incident : Data Breach AME315072525
Data Compromised: Names, Card numbers, Expiration dates, Security codes
Payment Information Risk: True
Incident : Data Breach AME519072525
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME336072625
Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME425072625
Data Compromised: Account numbers, Names, Expiration dates
Incident : Data Breach AME601072625
Data Compromised: American express card account numbers, Names, Expiration dates, Social security numbers
Incident : Data Breach AME832072625
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME908072625
Data Compromised: American express card information
Incident : Data Breach AME217072625
Data Compromised: American express card information
Incident : Data Breach AME317072625
Data Compromised: Names, Card account numbers
Systems Affected: Payment processing system
Incident : Data Breach AME446072625
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME602072625
Data Compromised: Personal information, Account information
Incident : Data Breach AME659072625
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME957072625
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME443072625
Data Compromised: Card numbers, Names, Expiration dates
Incident : Data Breach AME511072625
Data Compromised: American express card numbers, Other card information
Incident : Data Breach AME159072725
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME441072725
Data Compromised: Names, Addresses
Systems Affected: Payment Processing System
Incident : Data Breach AME506072725
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME522072725
Data Compromised: Account numbers, Names
Incident : Data Breach AME617072725
Data Compromised: Card numbers, Expiration dates
Payment Information Risk: True
Incident : Data Breach AME949072725
Data Compromised: Cancelled card numbers, Names
Incident : Data Breach AME955072725
Data Compromised: Account numbers, Names, Social security numbers
Incident : Data Breach AME203072725
Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME306072725
Data Compromised: Card account numbers, Names
Incident : Data Breach AME411072725
Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME505072725
Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME514072725
Data Compromised: Card numbers, Names
Incident : Data Breach AME223072725
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME401072725
Data Compromised: Card account numbers, Card expiration dates
Incident : Data Breach AME218072825
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME701072825
Data Compromised: Card Members' account information
Incident : Data Breach AME157072825
Data Compromised: Card members' account numbers, Personal details
Incident : Data Breach AME342072825
Data Compromised: Card account numbers, Holder names
Incident : Data Breach AME346072825
Data Compromised: Card numbers, Names
Incident : Data Breach AME513072825
Data Compromised: Card account number, Name, Other card information
Incident : Data Breach AME824072825
Data Compromised: Account information, Names, Card numbers
Incident : Data Breach AME120072925
Data Compromised: American express card account numbers, Names, Card information
Incident : Data Breach AME201072925
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME245072925
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME527072925
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME949080425
Data Compromised: American express card account numbers, Other card information
Payment Information Risk: True
Incident : Data Breach AME209080425
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME518080425
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME706080425
Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME223080425
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME355080425
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME518080425
Data Compromised: American express card account numbers, Other related information
Incident : Data Breach AME528080425
Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME232080525
Data Compromised: Customer names, Card account numbers, Card expiration dates
Incident : Data Breach AME413080525
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME038090625
Data Compromised: Unknown (personal information)
Identity Theft Risk: Potential (due to personal information exposure)
Incident : Data Breach AME041090625
Data Compromised: Card account number, Expiration date
Identity Theft Risk: Low (no Social Security numbers impacted)
Payment Information Risk: High (card account details exposed)
Incident : Data Breach AME954091725
Data Compromised: Cardmember account numbers, Names, Expiration dates
Identity Theft Risk: Low (no Social Security numbers compromised)
Payment Information Risk: High (account numbers and expiration dates exposed)
Incident : data breach AME956091725
Data Compromised: Card account numbers, Cardholder names, Other card information (excluding ssns)
Systems Affected: merchant's website
Identity Theft Risk: potential (card information exposed)
Payment Information Risk: high (card account numbers compromised)
Incident : Data Breach AME1005091725
Data Compromised: American express card account numbers, Related information
Payment Information Risk: American Express Card account numbers
Incident : Data Breach AME001091825
Data Compromised: American express card account numbers, Names, Card information
Systems Affected: Third-party service provider's system
Identity Theft Risk: Potential
Payment Information Risk: High
Incident : Data Breach AME028091825
Data Compromised: American express card account numbers, Card information
Identity Theft Risk: Low (no Social Security numbers exposed)
Payment Information Risk: High (Card account numbers and information exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Account Numbers, Names, Expiration Dates, , Credit And Debit Numbers, , Account Numbers, Names, , Payment Card Information, Customer Names, American Express Card Account Numbers, Expiration Dates, , Names, Card Numbers, Expiration Dates, Security Codes, , American Express Card Account Numbers, Names, , Card Account Numbers, Names, Expiration Dates, , Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, Social Security Numbers, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Information, , American Express Card information, Names, Card Account Numbers, , American Express Card Account Numbers, Names, Other Card Information, , Personal Information, Account Information, , American Express Card Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, , Card Numbers, Names, Expiration Dates, , American Express Card Numbers, Other Card Information, , American Express Card Account Numbers, Names, Other Card Information, , Names, Addresses, , American Express Card Account Numbers, Names, , Account Numbers, Names, , Card Numbers, Expiration Dates, , Cancelled Card Numbers, Names, , Account Numbers, Names, Social Security Numbers, , American Express Card Information, Account Numbers, Names, , Card Account Numbers, Names, , American Express Card Account Numbers, Other Card Information, , Card Account Numbers, Names, Expiration Dates, , Card Numbers, Names, , American Express Card Account Numbers, Names, Other Card Information, , Card Account Numbers, Card Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, , Card Members' account information, Card Members' Account Numbers, Personal Details, , Card Account Numbers, Holder Names, , Card Numbers, Names, , Card Account Number, Name, Other Card Information, , Account Information, Names, Card Numbers, , American Express Card Account Numbers, Names, Card Information, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Account Numbers, Names, , American Express Card Account Numbers, Other Card Information, , American Express Card Account Numbers, Names, , American Express Card Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Other Card Information, , American Express Card Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Other Related Information, , American Express Card Information, Account Numbers, Names, , Customer Names, Card Account Numbers, Card Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, , Personal information (specific types unknown), Card Account Number, Expiration Date, , Cardmember Account Numbers, Names, Expiration Dates, , Payment Card Data, Personal Identifiers (Names), , American Express Card Account Numbers, Related Information, , Payment Card Data, Personally Identifiable Information (Pii), , Card Account Numbers, Card Information and .
Which entities were affected by each incident ?
Incident : Data Breach AME234915422
Entity Name: American Express
Entity Type: Financial Services
Industry: Credit Card Services
Customers Affected: 10,000
Incident : Data Breach AME1751261023
Entity Name: American Express
Entity Type: Credit Card Company
Industry: Financial Services
Incident : Data Breach AME637071625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Private Company
Industry: Financial Services
Customers Affected: 1
Incident : Data Breach AME435072425
Entity Name: American Express Travel Related Services Company, Inc
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME734072525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME844072525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME315072525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME519072525
Entity Name: American Express
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME336072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: UNKN
Incident : Data Breach AME425072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME601072625
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates (AXP)
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME832072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME908072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME217072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Location: California
Incident : Data Breach AME317072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME446072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME602072625
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME659072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME957072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME443072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: unknown number of Card Members
Incident : Data Breach AME511072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME159072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME345072725
Entity Name: American Express Travel Related Services Company
Entity Type: Company
Industry: Travel Services
Incident : Data Breach AME441072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME506072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME522072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME617072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME949072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME955072725
Entity Name: American Express Travel Related Services Company, Inc
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME203072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME306072725
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME411072725
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates (AXP)
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME505072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME514072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME223072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME401072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME218072825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME701072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME157072825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME342072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME346072825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME513072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME824072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME120072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME201072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME245072925
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME527072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: UNKN
Incident : Data Breach AME949080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME209080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME518080425
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME706080425
Entity Name: American Express Travel Related Services Company, Inc. and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME223080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: Unknown number of individuals
Incident : Data Breach AME355080425
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME518080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME528080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME232080525
Entity Name: American Express Company
Entity Type: Financial Services
Industry: Finance
Incident : Data Breach AME413080525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME038090625
Entity Name: American Express National Bank
Entity Type: Financial Institution
Industry: Banking/Financial Services
Location: United States
Incident : Data Breach AME041090625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Corporation
Industry: Financial Services
Location: United States (California)
Incident : Data Breach AME954091725
Entity Name: American Express Travel Related Services Company Inc.
Entity Type: Corporation
Industry: Financial Services
Location: United States (California)
Customers Affected: Unknown
Incident : data breach AME956091725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: financial services
Industry: payments/credit cards
Location: United States (California breach report)
Customers Affected: unknown
Incident : data breach AME956091725
Entity Name: Unnamed merchant (third-party)
Entity Type: e-commerce/retail
Incident : Data Breach AME1005091725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Financial Services
Industry: Financial Services / Credit Cards
Location: United States (California)
Customers Affected: Unknown
Incident : Data Breach AME001091825
Entity Name: American Express Travel Related Services Company, Inc. and/or its Affiliates
Entity Type: Financial Services
Industry: Payments / Credit Cards
Location: United States (California reported)
Incident : Data Breach AME001091825
Entity Name: Unnamed Third-Party Service Provider
Entity Type: Service Provider
Incident : Data Breach AME028091825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Financial Services
Industry: Payments / Credit Cards
Location: United States (California)
Incident : Data Breach AME028091825
Entity Name: Unspecified Merchant (third-party)
Entity Type: Merchant
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach AME234915422
Communication Strategy: Alerted affected customers to monitor for fraudulent activities
Incident : Data Breach AME1751261023
Communication Strategy: Alerting customers as a precaution
Enhanced Monitoring: Continuous monitoring for fraudulent activity
Incident : Data Breach AME519072525
Incident : Data Breach AME528080425
Incident : Data Breach AME954091725
Law Enforcement Notified: Yes (California Office of the Attorney General)
Incident : data breach AME956091725
Law Enforcement Notified: yes (California Attorney General)
Incident : Data Breach AME1005091725
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach AME001091825
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach AME028091825
Law Enforcement Notified: Yes (California Office of the Attorney General)
Communication Strategy: Notification letters sent to affected parties
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AME234915422
Type of Data Compromised: Personal information
Number of Records Exposed: 10,000
Sensitivity of Data: High
Personally Identifiable Information: Account numbersNamesFull addressesPhone numbersDate of birthGender
Incident : Data Breach AME1751261023
Type of Data Compromised: Account numbers, Names, Expiration dates
Sensitivity of Data: High
Incident : Data Breach AME637071625
Type of Data Compromised: Credit and debit numbers
Number of Records Exposed: 1
Incident : Data Breach AME435072425
Type of Data Compromised: Account numbers, Names
Incident : Data Breach AME734072525
Type of Data Compromised: Payment Card Information
Incident : Data Breach AME844072525
Type of Data Compromised: Customer names, American express card account numbers, Expiration dates
Incident : Data Breach AME315072525
Type of Data Compromised: Names, Card numbers, Expiration dates, Security codes
Sensitivity of Data: High
Incident : Data Breach AME519072525
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME336072625
Type of Data Compromised: Card account numbers, Names, Expiration dates
Number of Records Exposed: UNKN
Incident : Data Breach AME425072625
Type of Data Compromised: Account numbers, Names, Expiration dates
Incident : Data Breach AME601072625
Type of Data Compromised: American express card account numbers, Names, Expiration dates, Social security numbers
Sensitivity of Data: High
Incident : Data Breach AME832072625
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME908072625
Type of Data Compromised: American express card information
Incident : Data Breach AME217072625
Type of Data Compromised: American Express Card information
Incident : Data Breach AME317072625
Type of Data Compromised: Names, Card account numbers
Incident : Data Breach AME446072625
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME602072625
Type of Data Compromised: Personal information, Account information
Incident : Data Breach AME659072625
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME957072625
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME443072625
Type of Data Compromised: Card numbers, Names, Expiration dates
Number of Records Exposed: unknown
Incident : Data Breach AME511072625
Type of Data Compromised: American express card numbers, Other card information
Incident : Data Breach AME159072725
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME441072725
Type of Data Compromised: Names, Addresses
Personally Identifiable Information: NamesAddresses
Incident : Data Breach AME506072725
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME522072725
Type of Data Compromised: Account numbers, Names
Incident : Data Breach AME617072725
Type of Data Compromised: Card numbers, Expiration dates
Sensitivity of Data: High
Incident : Data Breach AME949072725
Type of Data Compromised: Cancelled card numbers, Names
Incident : Data Breach AME955072725
Type of Data Compromised: Account numbers, Names, Social security numbers
Sensitivity of Data: High
Incident : Data Breach AME203072725
Type of Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME306072725
Type of Data Compromised: Card account numbers, Names
Incident : Data Breach AME411072725
Type of Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME505072725
Type of Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME514072725
Type of Data Compromised: Card numbers, Names
Incident : Data Breach AME223072725
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME401072725
Type of Data Compromised: Card account numbers, Card expiration dates
Incident : Data Breach AME218072825
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME701072825
Type of Data Compromised: Card Members' account information
Incident : Data Breach AME157072825
Type of Data Compromised: Card members' account numbers, Personal details
Incident : Data Breach AME342072825
Type of Data Compromised: Card account numbers, Holder names
Incident : Data Breach AME346072825
Type of Data Compromised: Card numbers, Names
Incident : Data Breach AME513072825
Type of Data Compromised: Card account number, Name, Other card information
Incident : Data Breach AME824072825
Type of Data Compromised: Account information, Names, Card numbers
Incident : Data Breach AME120072925
Type of Data Compromised: American express card account numbers, Names, Card information
Incident : Data Breach AME201072925
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME245072925
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME527072925
Type of Data Compromised: American express card account numbers, Names
Number of Records Exposed: UNKN
Incident : Data Breach AME949080425
Type of Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME209080425
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME518080425
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME706080425
Type of Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME223080425
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Number of Records Exposed: Unknown
Incident : Data Breach AME355080425
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME518080425
Type of Data Compromised: American express card account numbers, Other related information
Incident : Data Breach AME528080425
Type of Data Compromised: American express card information, Account numbers, Names
Personally Identifiable Information: names
Incident : Data Breach AME232080525
Type of Data Compromised: Customer names, Card account numbers, Card expiration dates
Incident : Data Breach AME413080525
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME038090625
Type of Data Compromised: Personal information (specific types unknown)
Data Exfiltration: Yes (inadvertent disclosure to unauthorized third party)
Personally Identifiable Information: Yes (unspecified)
Incident : Data Breach AME041090625
Type of Data Compromised: Card account number, Expiration date
Sensitivity of Data: High (payment card details)
Personally Identifiable Information: No (Social Security numbers not impacted)
Incident : Data Breach AME954091725
Type of Data Compromised: Cardmember account numbers, Names, Expiration dates
Number of Records Exposed: Unknown
Sensitivity of Data: High (payment card details)
Personally Identifiable Information: names
Incident : data breach AME956091725
Type of Data Compromised: Payment card data, Personal identifiers (names)
Number of Records Exposed: unknown
Sensitivity of Data: high (payment card details)
Data Exfiltration: yes
Personally Identifiable Information: partial (names only, no SSNs)
Incident : Data Breach AME1005091725
Type of Data Compromised: American express card account numbers, Related information
Number of Records Exposed: Unknown
Sensitivity of Data: Moderate (payment card data, no SSNs)
Personally Identifiable Information: No (Social Security numbers not impacted)
Incident : Data Breach AME001091825
Type of Data Compromised: Payment card data, Personally identifiable information (pii)
Sensitivity of Data: High
Data Exfiltration: Potential
Personally Identifiable Information: NamesCard account numbers
Incident : Data Breach AME028091825
Type of Data Compromised: Card account numbers, Card information
Sensitivity of Data: High (payment card data)
Data Exfiltration: Likely (unauthorized access to merchant's data files)
Personally Identifiable Information: No (Social Security numbers not affected)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach AME041090625
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME954091725
Regulatory Notifications: California Office of the Attorney General
Incident : data breach AME956091725
Regulatory Notifications: yes (California Attorney General)
Incident : Data Breach AME1005091725
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME001091825
Regulations Violated: Potential violation of California data breach notification laws (e.g., CCPA precursor),
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME028091825
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach AME637071625
Source: Massachusetts Office of Consumer Affairs and Business Regulation
Incident : Data Breach AME435072425
Source: California Office of the Attorney General
Date Accessed: 2016-01-26
Incident : Data Breach AME734072525
Source: California Office of the Attorney General
Incident : Data Breach AME844072525
Source: California Office of the Attorney General
Date Accessed: 2016-01-07
Incident : Data Breach AME315072525
Source: California Office of the Attorney General
Incident : Data Breach AME519072525
Source: California Office of the Attorney General
Date Accessed: 2013-03-01
Incident : Data Breach AME336072625
Source: California Office of the Attorney General
Date Accessed: 2012-09-11
Incident : Data Breach AME425072625
Source: California Office of the Attorney General
Date Accessed: 2012-07-12
Incident : Data Breach AME601072625
Source: California Office of the Attorney General
Date Accessed: 2012-11-30
Incident : Data Breach AME832072625
Source: California Office of the Attorney General
Date Accessed: 2014-01-16
Incident : Data Breach AME908072625
Source: California Office of the Attorney General
Date Accessed: 2014-08-27
Incident : Data Breach AME217072625
Source: California Office of the Attorney General
Incident : Data Breach AME317072625
Source: California Office of the Attorney General
Date Accessed: 2015-07-27
Incident : Data Breach AME446072625
Source: California Office of the Attorney General
Date Accessed: 2015-07-21
Incident : Data Breach AME602072625
Source: California Office of the Attorney General
Date Accessed: 2014-11-07
Incident : Data Breach AME659072625
Source: California Office of the Attorney General
Incident : Data Breach AME957072625
Source: California Office of the Attorney General
Incident : Data Breach AME443072625
Source: California Office of the Attorney General
Incident : Data Breach AME511072625
Source: California Office of the Attorney General
Date Accessed: 2014-08-06
Incident : Data Breach AME159072725
Source: California Office of the Attorney General
Incident : Data Breach AME345072725
Source: California Office of the Attorney General
Date Accessed: 2022-11-18
Incident : Data Breach AME441072725
Source: California Office of the Attorney General
Incident : Data Breach AME506072725
Source: California Office of the Attorney General
Date Accessed: 2013-12-12
Incident : Data Breach AME522072725
Source: California Office of the Attorney General
Date Accessed: 2014-04-01
Incident : Data Breach AME617072725
Source: California Office of the Attorney General
Date Accessed: 2013-09-23
Incident : Data Breach AME949072725
Source: California Office of the Attorney General
Incident : Data Breach AME955072725
Source: California Office of the Attorney General
Date Accessed: 2013-07-03
Incident : Data Breach AME203072725
Source: California Office of the Attorney General
Incident : Data Breach AME306072725
Source: California Office of the Attorney General
Date Accessed: 2014-01-07
Incident : Data Breach AME411072725
Source: California Office of the Attorney General
Date Accessed: 2013-12-04
Incident : Data Breach AME505072725
Source: California Office of the Attorney General
Date Accessed: 2012-10-10
Incident : Data Breach AME514072725
Source: California Office of the Attorney General
Date Accessed: 2016-03-10
Incident : Data Breach AME223072725
Source: California Office of the Attorney General
Incident : Data Breach AME401072725
Source: California Office of the Attorney General
Incident : Data Breach AME218072825
Source: California Office of the Attorney General
Date Accessed: 2012-08-14
Incident : Data Breach AME701072825
Source: California Office of the Attorney General
Incident : Data Breach AME157072825
Source: California Office of the Attorney General
Date Accessed: 2016-02-23
Incident : Data Breach AME342072825
Source: California Office of the Attorney General
Incident : Data Breach AME346072825
Source: California Office of the Attorney General
Date Accessed: 2013-12-29
Incident : Data Breach AME513072825
Source: California Office of the Attorney General
Date Accessed: 2015-09-08
Incident : Data Breach AME824072825
Source: California Office of the Attorney General
Date Accessed: 2016-01-27
Incident : Data Breach AME120072925
Source: California Office of the Attorney General
Date Accessed: 2015-08-28
Incident : Data Breach AME201072925
Source: California Office of the Attorney General
Date Accessed: 2014-10-01
Incident : Data Breach AME245072925
Source: California Office of the Attorney General
Incident : Data Breach AME527072925
Source: California Office of the Attorney General
Incident : Data Breach AME949080425
Source: California Office of the Attorney General
Date Accessed: 2015-01-15
Incident : Data Breach AME209080425
Source: California Office of the Attorney General
Date Accessed: 2014-12-19
Incident : Data Breach AME518080425
Source: California Office of the Attorney General
Incident : Data Breach AME706080425
Source: California Office of the Attorney General
Date Accessed: 2013-08-27
Incident : Data Breach AME223080425
Source: California Office of the Attorney General
Incident : Data Breach AME355080425
Source: California Office of the Attorney General
Date Accessed: 2012-11-20
Incident : Data Breach AME518080425
Source: California Office of the Attorney General
Date Accessed: 2015-09-25
Incident : Data Breach AME528080425
Source: California Office of the Attorney General
Date Accessed: 2014-07-25
Incident : Data Breach AME232080525
Source: California Office of the Attorney General
Incident : Data Breach AME413080525
Source: California Office of the Attorney General
Date Accessed: 2012-12-12
Incident : Data Breach AME041090625
Source: California Office of the Attorney General
Incident : Data Breach AME954091725
Source: California Office of the Attorney General
Date Accessed: 2013-02-05
Incident : data breach AME956091725
Source: California Office of the Attorney General
Date Accessed: 2013-02-19
Incident : Data Breach AME1005091725
Source: California Office of the Attorney General
Date Accessed: 2015-11-12
Incident : Data Breach AME001091825
Source: California Office of the Attorney General
Date Accessed: 2016-01-26
Incident : Data Breach AME028091825
Source: California Office of the Attorney General
Date Accessed: 2014-12-19
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Massachusetts Office of Consumer Affairs and Business Regulation, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-26, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-07, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-03-01, and Source: California Office of the Attorney GeneralDate Accessed: 2012-09-11, and Source: California Office of the Attorney GeneralDate Accessed: 2012-07-12, and Source: California Office of the Attorney GeneralDate Accessed: 2012-11-30, and Source: California Office of the Attorney GeneralDate Accessed: 2014-01-16, and Source: California Office of the Attorney GeneralDate Accessed: 2014-08-27, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2015-07-27, and Source: California Office of the Attorney GeneralDate Accessed: 2015-07-21, and Source: California Office of the Attorney GeneralDate Accessed: 2014-11-07, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2014-08-06, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2022-11-18, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-12-12, and Source: California Office of the Attorney GeneralDate Accessed: 2014-04-01, and Source: California Office of the Attorney GeneralDate Accessed: 2013-09-23, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-07-03, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2014-01-07, and Source: California Office of the Attorney GeneralDate Accessed: 2013-12-04, and Source: California Office of the Attorney GeneralDate Accessed: 2012-10-10, and Source: California Office of the Attorney GeneralDate Accessed: 2016-03-10, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2012-08-14, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2016-02-23, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-12-29, and Source: California Office of the Attorney GeneralDate Accessed: 2015-09-08, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-27, and Source: California Office of the Attorney GeneralDate Accessed: 2015-08-28, and Source: California Office of the Attorney GeneralDate Accessed: 2014-10-01, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2015-01-15, and Source: California Office of the Attorney GeneralDate Accessed: 2014-12-19, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-08-27, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2012-11-20, and Source: California Office of the Attorney GeneralDate Accessed: 2015-09-25, and Source: California Office of the Attorney GeneralDate Accessed: 2014-07-25, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2012-12-12, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-02-05, and Source: California Office of the Attorney GeneralDate Accessed: 2013-02-19, and Source: California Office of the Attorney GeneralDate Accessed: 2015-11-12, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-26, and Source: California Office of the Attorney GeneralDate Accessed: 2014-12-19.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach AME038090625
Investigation Status: Ongoing (specific types of compromised information unknown)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Alerted affected customers to monitor for fraudulent activities, Alerting customers as a precaution, Public disclosure via California Office of the Attorney General, Public disclosure via California Office of the Attorney General and Notification letters sent to affected parties.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach AME1751261023
Customer Advisories: Alerting customers as a precaution
Incident : Data Breach AME028091825
Customer Advisories: Notification letters sent to affected cardholders
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Alerting customers as a precaution and Notification letters sent to affected cardholders.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach AME001091825
Entry Point: Third-party service provider's system
High Value Targets: American Express Card Member Data,
Data Sold on Dark Web: American Express Card Member Data,
Incident : Data Breach AME028091825
High Value Targets: Merchant's data files containing card information
Data Sold on Dark Web: Merchant's data files containing card information
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach AME1005091725
Root Causes: Unauthorized access to merchant's data files
Incident : Data Breach AME001091825
Root Causes: Third-Party Vendor Security Vulnerability,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Continuous monitoring for fraudulent activity.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unknown Hacker and Unauthorized individuals.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2016-01-26.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-12-19.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Account numbers, Names, Full addresses, Phone numbers, Date of birth, Gender, , Account numbers, Names, Expiration dates, , credit and debit numbers, , account numbers, names, , American Express Card information, , Customer names, American Express Card account numbers, Expiration dates, , names, card numbers, expiration dates, security codes, , American Express Card account numbers, names, , Card account numbers, Names, Expiration dates, , account numbers, names, expiration dates, , American Express Card account numbers, names, expiration dates, Social Security numbers, , American Express Card account numbers, names, other card information, , American Express Card information, , American Express Card information, , Names, Card account numbers, , American Express Card account numbers, names, other Card information, , personal information, account information, , American Express Card account numbers, names, expiration dates, , American Express Card account numbers, names, expiration dates, , card numbers, names, expiration dates, , American Express Card numbers, Other card information, , American Express Card account numbers, names, other card information, , Names, Addresses, , American Express Card account numbers, Names, , Account numbers, Names, , card numbers, expiration dates, , Cancelled card numbers, Names, , account numbers, names, Social Security numbers, , American Express Card information, account numbers, names, , card account numbers, names, , American Express Card account numbers, Other card information, , Card account numbers, Names, Expiration dates, , card numbers, names, , American Express Card account numbers, names, other card information, , card account numbers, card expiration dates, , American Express Card account numbers, names, expiration dates, , Card Members' account information, Card Members' account numbers, personal details, , Card account numbers, Holder names, , card numbers, names, , card account number, name, other card information, , Account information, Names, Card numbers, , American Express Card account numbers, names, Card information, , American Express card account numbers, names, other card information, , American Express Card account numbers, names, other card information, , American Express Card account numbers, Names, , American Express Card account numbers, other card information, , American Express Card account numbers, Names, , American Express Card account numbers, names, expiration dates, , American Express Card account numbers, Other card information, , American Express Card account numbers, names, expiration dates, , American Express Card account numbers, names, expiration dates, , American Express Card account numbers, Other related information, , American Express Card information, account numbers, names, , customer names, card account numbers, card expiration dates, , American Express Card account numbers, names, expiration dates, , Unknown (personal information), Card account number, Expiration date, , Cardmember account numbers, names, expiration dates, , card account numbers, cardholder names, other card information (excluding SSNs), , American Express Card account numbers, related information, , American Express Card account numbers, Names, Card information, , American Express Card account numbers, Card information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Payment processing system and Payment Processing System and merchant's website and Third-party service provider's system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Account numbers, American Express Card account numbers, card account number, Expiration dates, Customer names, Gender, Card Members' account numbers, personal details, other card information (excluding SSNs), American Express Card numbers, Names, American Express Card information, Other card information, card numbers, expiration dates, Card account number, Date of birth, Full addresses, name, Account information, Cardmember account numbers, account numbers, Card Members' account information, Card numbers, Other related information, related information, names, American Express card account numbers, Addresses, other Card information, customer names, Social Security numbers, cardholder names, security codes, Phone numbers, other card information, card account numbers, personal information, Card account numbers, Cancelled card numbers, card expiration dates, Holder names, Unknown (personal information), Expiration date, Card information, credit and debit numbers and account information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Massachusetts Office of Consumer Affairs and Business Regulation and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (specific types of compromised information unknown).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Alerting customers as a precaution and Notification letters sent to affected cardholders.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Third-party service provider's system.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Unauthorized access to merchant's data files, Third-party vendor security vulnerability.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=american-express' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
