American Express National Bank experienced a data breach on February 19, 2025, resulting in the inadvertent exposure of personal information to an unauthorized third party. While the exact nature of the compromised data remains undisclosed, the incident suggests a failure in security protocols that allowed sensitive customer or employee information to be accessed without authorization. Such breaches typically raise concerns over identity theft, financial fraud, or reputational damage, depending on the scope of the exposed data. The lack of clarity on the specific types of information leaked (e.g., financial records, personally identifiable information, or internal documents) complicates risk assessment, but the breach inherently signals operational vulnerabilities within the bank’s cybersecurity framework. Customers may face heightened scrutiny over potential misuse of their data, while the bank could encounter regulatory penalties, loss of trust, and financial liabilities tied to remediation efforts. The incident underscores the critical need for robust data protection measures, particularly in financial institutions handling high volumes of sensitive transactions.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company on November 18, 2022. The breach occurred on July 26, 2022, when a third-party service provider was victimized by a cyber attack, potentially impacting customer information, though specific details about the compromised data are unknown.

An unknown hacker leaked the personal data of about 10,000 American Express credit cardholders. The leaked data include account numbers, names, full addresses, phone numbers, date of birth, gender, and other personally identifiable information. Amex immediately took action and alerted the affected customers to be alerted for any fraudulent activities.

The data breach reported by the Massachusetts Office of Consumer Affairs and Business Regulation on July 7, 2020, involved American Express Travel Related Services Company, Inc. The breach affected 1 resident and included compromised electronic records such as credit and debit numbers. This incident highlights the vulnerability of financial information in electronic systems and the potential risks associated with data breaches.

American Express is alerting customers to the possibility that a security compromise at a third-party service provider has exposed their payment card information. American Express claims that hackers may have taken data connected to cards that were issued in the past or are now in use. Account numbers, names, and expiration dates are among the pieces of information that were obtained by unauthorised individuals. The business clarifies that this event did not affect any systems owned or controlled by American Express, and that this alert is being sent merely as a precaution. American Express emphasised that the incident had no effect on its financial systems and that it continues to monitor fraudulent activity that could potentially harm cardholders in order to prevent exploitation.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on February 23, 2016. The breach involved illegally obtained personal and account information that may have included Card Members' account numbers and personal details; however, the exact information compromised is currently unknown.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on January 26, 2016. The breach occurred on September 23, 2015, affecting certain Card Members' account information, including account numbers and names. The specific number of individuals affected is unknown.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 28, 2015. The breach involved a merchant theft that potentially exposed American Express Card account numbers, names, and Card information, but did not compromise Social Security numbers.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 22, 2015. The breach involved unauthorized access to a payment processing system, leading to potential access of account information for some Card Members, including names and addresses, but not Social Security numbers.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 27, 2016. The breach occurred on April 23, 2015, due to unauthorized access to a third-party service provider, potentially compromising the account information of some Card Members, including names and card numbers.

The California Office of the Attorney General reported a data breach on March 22, 2015, affecting American Express Travel Related Services Company, Inc. The breach involved unauthorized access to a third-party service provider's system, compromising Card Members' account information. The incident was reported on January 7, 2016, but the exact number of individuals affected was not disclosed.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 27, 2015. The breach occurred on February 1, 2015, involving unauthorized access to a payment processing system, potentially affecting account information of Cardmembers, including names and Card account numbers.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 15, 2015. Unauthorized access to a merchant's website files potentially affected American Express Card account numbers and other card information, but Social Security numbers were not impacted.

In December 2014, the California Office of the Attorney General disclosed a data breach affecting American Express Travel Related Services Company, Inc. The incident involved unauthorized access to a merchant’s data files, potentially exposing American Express Card account numbers and associated card details. While the breach compromised payment-related information, it did not include more sensitive data such as Social Security numbers. The exposure primarily impacted financial transaction data, raising concerns over potential fraudulent activity linked to the compromised card details. Although no evidence of misuse was immediately reported, the breach posed risks to cardholders, including unauthorized transactions or identity fraud attempts tied to the exposed payment information. The incident highlighted vulnerabilities in third-party merchant systems handling American Express card data, prompting notifications to affected individuals and regulatory scrutiny.

The California Office of the Attorney General disclosed a data breach affecting American Express in January 2016, stemming from an incident in November 2014. The breach involved unauthorized access to a third-party service provider’s system, exposing sensitive customer data. Compromised information included American Express Card account numbers, cardholder names, and other card-related details of certain Card Members. While the exact scale of the breach was not specified, the exposure of financial data posed risks of fraud, identity theft, and reputational harm to affected customers. The incident highlighted vulnerabilities in third-party vendor security, raising concerns about supply chain risks in payment processing ecosystems. American Express likely faced regulatory scrutiny, potential financial liabilities, and erosion of customer trust due to the exposure of payment card information.

The California Office of the Attorney General reported a data breach by American Express Travel Related Services Company, Inc. on January 7, 2016. The breach occurred on October 18, 2014, involving unauthorized access to merchant data files that potentially included customer names, American Express Card account numbers, and expiration dates. The exact number of affected individuals and other specific details are unknown.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on September 24, 2014. The breach exposed American Express Card information, but it was confirmed that Social Security numbers were not impacted. This incident highlights the vulnerability of financial information in cyber attacks, emphasizing the need for robust security measures to protect sensitive data.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 27, 2014. The breach is related to the recovery of American Express Card information, but the exact method of the breach and the number of individuals affected is unknown.

The California Office of the Attorney General reported on July 25, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach wherein American Express Card information, including account numbers and names, was recovered during a law enforcement investigation. The specific date of the breach is not available, and no Social Security numbers were compromised.

The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on June 2, 2014. The breach, reported on January 28, 2016, potentially compromised account information of an unknown number of Card Members. The compromised data included card numbers, names, and expiration dates. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.

The California Office of the Attorney General disclosed a data breach affecting American Express Travel Related Services Company, Inc. in May 2014. The incident involved the unauthorized exposure of American Express Card account information, specifically card account numbers and expiration dates. However, Social Security numbers remained unaffected, and the exact timeline of the breach, along with the number of impacted individuals, was not publicly disclosed. While the breach did not result in the compromise of highly sensitive personal identifiers (e.g., Social Security numbers), the exposure of payment card details poses risks such as potential fraudulent transactions, phishing attempts, or identity theft targeting cardholders. Financial institutions and affected customers would likely face reputational concerns, increased scrutiny over security protocols, and possible financial losses due to fraudulent activities linked to the exposed data. The breach underscores vulnerabilities in payment system protections, though the absence of broader personal data (e.g., SSNs) limits the severity compared to more extensive leaks.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 26, 2015. The breach occurred on April 12, 2014, due to unauthorized access to a merchant's website, potentially exposing Cardmembers' American Express Card account numbers, names, and other card information, while Social Security numbers were not affected.

The California Office of the Attorney General reported on January 7, 2014, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach involving the recovery of American Express Card information. The breach included card account numbers and names but did not compromise Social Security numbers, and no specific number of individuals affected was provided.

On March 10, 2016, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred on December 7, 2013, and compromised account information of some cardholders, including card numbers and names.

On September 23, 2013, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. (referred to as AXP). The incident involved the recovery of American Express Card account information, including card numbers and expiration dates; however, Social Security numbers were not affected. The breach date is not available.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on July 3, 2013. The breach involved the recovery of American Express Card information, including account numbers, names, and Social Security numbers, although the breach date was not specified.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on October 1, 2014. The breach occurred on June 13, 2013, and involved unauthorized access to a merchant's website files, compromising American Express card account numbers, names, and other card information, but not Social Security numbers. The number of affected individuals is unknown.

The California Office of the Attorney General reported on December 12, 2013, that American Express Travel Related Services Company, Inc. experienced a data breach on May 28, 2013, involving unauthorized access to a merchant's website files. The breach potentially exposed American Express Card account numbers and names, but Social Security numbers were not impacted.

The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on April 9, 2013, which was reported on May 2, 2013. The breach involved the recovery of American Express Card information, including account numbers and names, but Social Security numbers were not impacted.

The California Office of the Attorney General reported on March 1, 2013, that American Express experienced a data breach involving its Cardmembers' information being recovered during a law enforcement investigation. The breach reportedly included American Express Card account numbers and names, but did not compromise Social Security numbers.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 19, 2013. The breach occurred on February 1, 2013, and involved unauthorized access to data files that included Card account numbers and holder names, but Social Security numbers were not impacted.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 23, 2013. The breach occurred on January 15, 2013, and involved unauthorized access to a payment processing service, potentially exposing account information of some Cardmembers including names, card numbers, expiration dates, and security codes, although Social Security numbers were not impacted.

The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on December 19, 2012, involving unauthorized access to a merchant's website. Approximately UNKN individuals were potentially affected, with the compromised data including American Express Card account numbers and names, but not Social Security numbers.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates (AXP) on November 30, 2012. The recovered data reportedly included American Express Card account numbers, names, expiration dates, and Social Security numbers, but the exact number of individuals affected and the specific method of the breach are unknown.

The California Office of the Attorney General reported on October 10, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach involving American Express Card information. The affected data included Card account numbers, names, and expiration dates, but Social Security numbers were not compromised; the specific number of individuals affected is unknown.

On August 24, 2012, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant's website. The incident, reported by the California Office of the Attorney General on February 19, 2013, resulted in the compromise of American Express Card account numbers, cardholder names, and other payment-related details. However, Social Security numbers were not affected, and the exact number of impacted individuals remains undisclosed. The breach stemmed from a vulnerability in the merchant’s system, allowing attackers to exploit weaknesses and gain access to sensitive cardholder data. While the exposed information could potentially facilitate fraudulent transactions or identity theft, the absence of Social Security numbers or broader personal identifiers limited the severity of the long-term consequences. American Express likely initiated containment measures, including notifying affected customers and collaborating with law enforcement to mitigate risks. The incident underscores the persistent threats posed by cybercriminals targeting payment systems, emphasizing the need for robust security protocols across third-party vendors.

The California Office of the Attorney General reported on July 12, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach resulting in the recovery of American Express Card information, including account numbers, names, and expiration dates. Social Security numbers were not impacted, and there was no indication of unauthorized activity.

The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 3, 2012. The breach involved unauthorized access to a merchant's website files which potentially exposed American Express Card account numbers, names, and other card information, affecting an unspecified number of individuals.

The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on May 21, 2012. The breach potentially exposed American Express Card account numbers, names, and expiration dates, affecting an unknown number of individuals. However, Social Security numbers were not compromised.

The California Office of the Attorney General reported a data breach involving the American Express Travel Related Services Company, Inc. on September 13, 2012. The breach occurred on April 2, 2012, involving unauthorized access to a merchant's data files, exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of individuals affected is unknown.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on August 14, 2012. The breach occurred on March 2, 2012, due to unauthorized access to merchant data files potentially exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers.

The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on February 2, 2012. The breach involved unauthorized access to data files, exposing Card account numbers, names, and expiration dates. Social Security numbers were not impacted. The number of individuals affected is unknown. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.

The California Office of the Attorney General reported a data breach affecting American Express Travel Related Services Company, Inc. and/or its Affiliates on August 27, 2013. The breach occurred on January 17, 2012, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers and other card information. The number of affected individuals is unknown.

The California Office of the Attorney General disclosed a data breach affecting American Express Travel Related Services Company Inc. in February 2013, originating from an incident on December 30, 2011. The breach exposed Cardmember account numbers, names, and expiration dates, though Social Security numbers remained uncompromised. The exact number of impacted individuals was not disclosed, leaving the scale of exposure uncertain.The exposed data—primarily financial in nature—poses risks such as fraudulent transactions, identity theft (limited to payment card details), and potential reputational harm to both customers and the company. While no direct financial losses or systemic disruptions were reported, the breach underscores vulnerabilities in payment card security protocols, raising concerns over customer trust erosion and regulatory scrutiny. The absence of Social Security numbers mitigates severe identity theft risks, but the exposure of payment card details still aligns with financial-reputation threats typical of targeted cyber incidents in the financial sector.

The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on November 6, 2012. The breach, which occurred on November 6, 2011, affected potentially compromised American Express Card account information. Card account numbers and card expiration dates were impacted, but Social Security numbers were not compromised. The specific number of affected individuals remains unknown.

The California Office of the Attorney General reported on December 19, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach on July 11, 2011. The incident involved unauthorized access to a merchant's website which potentially exposed American Express Card account numbers and names, although Social Security numbers were not impacted.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on March 13, 2011, which was reported on August 7, 2014. The breach involved unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other card information, but not Social Security numbers. The number of individuals affected is not specified.

The California Office of the Attorney General reported on July 21, 2015, that American Express Travel Related Services Company, Inc. experienced a data breach on February 15, 2011, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other Card information. The breach did not impact Social Security numbers or show any unauthorized activity on the affected accounts.

The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on December 12, 2012. The breach occurred on November 1, 2010, and resulted in unauthorized access to a merchant's website, potentially compromising American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.

In May 2008, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant’s data files. The incident, reported by the California Office of the Attorney General on November 12, 2015, exposed American Express Card account numbers and related transaction details. While the breach did not compromise Social Security numbers, the exact number of affected individuals remains undisclosed. The unauthorized access suggests a failure in securing third-party merchant systems, potentially allowing attackers to harvest payment card information. Such breaches often lead to financial fraud risks for cardholders, including unauthorized transactions or identity theft attempts. The delayed disclosure (over seven years later) further highlights gaps in incident response and regulatory compliance. Although no direct evidence of misuse was reported, the exposure of card data alone poses significant reputational and operational risks for American Express, eroding customer trust and potentially incurring regulatory penalties.