American Express
Company Details
Linkedin ID:
american-express
Website:
Employees number:
79,764
Number of followers:
2,809,257
NAICS:
52
Industry Type:
Homepage:
americanexpress.com
IP Addresses:
0
Company ID:
AME_2856520
Scan Status:
In-progress
American Express Company CyberSecurity Posture
americanexpress.com
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly striving to uphold our powerful backing promise to our customers and each other every day. These beliefs have been our North Star for 170 years as our business transformed – from helping evacuate travelers during World Wars, to ensuring the safety of our customers’ funds during the Great Depression in the U.S., to creating the Shop Small® movement to help small businesses recover from the Financial Crisis, to providing aid to communities impacted by many natural disasters and so much more. For generations, the key to our success has been the determination and resilience of our American Express colleagues. Now, as a globally integrated payments company, we work together to provide customers with access to products, insights and world-class experiences that enrich lives and build business success. Join us and let’s lead the way together. Learn more about us at: https://www.americanexpress.com/careers https://www.americanexpress.com/ https://www.facebook.com/AmericanExpressUS https://www.instagram.com/americanexpress/ https://twitter.com/americanexpress https://www.youtube.com/user/AmericanExpress See our community guidelines at: https://www.americanexpress.com/en-us/company/community-guidelines/ If you have a customer service issue or question, please visit www.americanexpress.com/contactus
American Express A.I CyberSecurity Scoring
American Express Risk Score (AI oriented)Between 700 and 749
American Express
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
American Express Global Score (TPRM)XXXX
American Express
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
American Express Company CyberSecurity News & History
Past Incidents
50
Attack Types
2
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On March 10, 2016, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred on December 7, 2013, and compromised account information of some cardholders, including card numbers and names.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 25, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach wherein American Express Card information, including account numbers and names, was recovered during a law enforcement investigation. The specific date of the breach is not available, and no Social Security numbers were compromised.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on January 7, 2014, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach involving the recovery of American Express Card information. The breach included card account numbers and names but did not compromise Social Security numbers, and no specific number of individuals affected was provided.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 12, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach resulting in the recovery of American Express Card information, including account numbers, names, and expiration dates. Social Security numbers were not impacted, and there was no indication of unauthorized activity.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on March 1, 2013, that American Express experienced a data breach involving its Cardmembers' information being recovered during a law enforcement investigation. The breach reportedly included American Express Card account numbers and names, but did not compromise Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on October 10, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach involving American Express Card information. The affected data included Card account numbers, names, and expiration dates, but Social Security numbers were not compromised; the specific number of individuals affected is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on April 9, 2013, which was reported on May 2, 2013. The breach involved the recovery of American Express Card information, including account numbers and names, but Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on June 2, 2014. The breach, reported on January 28, 2016, potentially compromised account information of an unknown number of Card Members. The compromised data included card numbers, names, and expiration dates. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 3, 2012. The breach involved unauthorized access to a merchant's website files which potentially exposed American Express Card account numbers, names, and other card information, affecting an unspecified number of individuals.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach on March 22, 2015, affecting American Express Travel Related Services Company, Inc. The breach involved unauthorized access to a third-party service provider's system, compromising Card Members' account information. The incident was reported on January 7, 2016, but the exact number of individuals affected was not disclosed.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on May 21, 2012. The breach potentially exposed American Express Card account numbers, names, and expiration dates, affecting an unknown number of individuals. However, Social Security numbers were not compromised.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on November 6, 2012. The breach, which occurred on November 6, 2011, affected potentially compromised American Express Card account information. Card account numbers and card expiration dates were impacted, but Social Security numbers were not compromised. The specific number of affected individuals remains unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On September 23, 2013, the California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. (referred to as AXP). The incident involved the recovery of American Express Card account information, including card numbers and expiration dates; however, Social Security numbers were not affected. The breach date is not available.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on December 12, 2013, that American Express Travel Related Services Company, Inc. experienced a data breach on May 28, 2013, involving unauthorized access to a merchant's website files. The breach potentially exposed American Express Card account numbers and names, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach affecting American Express Travel Related Services Company, Inc. and/or its Affiliates on August 27, 2013. The breach occurred on January 17, 2012, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers and other card information. The number of affected individuals is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on July 21, 2015, that American Express Travel Related Services Company, Inc. experienced a data breach on February 15, 2011, involving unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other Card information. The breach did not impact Social Security numbers or show any unauthorized activity on the affected accounts.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on March 13, 2011, which was reported on August 7, 2014. The breach involved unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other card information, but not Social Security numbers. The number of individuals affected is not specified.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 28, 2015. The breach involved a merchant theft that potentially exposed American Express Card account numbers, names, and Card information, but did not compromise Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on January 26, 2016. The breach occurred on September 23, 2015, affecting certain Card Members' account information, including account numbers and names. The specific number of individuals affected is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on July 3, 2013. The breach involved the recovery of American Express Card information, including account numbers, names, and Social Security numbers, although the breach date was not specified.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 27, 2014. The breach is related to the recovery of American Express Card information, but the exact method of the breach and the number of individuals affected is unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on December 12, 2012. The breach occurred on November 1, 2010, and resulted in unauthorized access to a merchant's website, potentially compromising American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving the American Express Travel Related Services Company, Inc. on September 13, 2012. The breach occurred on April 2, 2012, involving unauthorized access to a merchant's data files, exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of individuals affected is unknown.
American Express Travel Related Services Company, Inc
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on October 1, 2014. The breach occurred on June 13, 2013, and involved unauthorized access to a merchant's website files, compromising American Express card account numbers, names, and other card information, but not Social Security numbers. The number of affected individuals is unknown.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The data breach reported by the Massachusetts Office of Consumer Affairs and Business Regulation on July 7, 2020, involved American Express Travel Related Services Company, Inc. The breach affected 1 resident and included compromised electronic records such as credit and debit numbers. This incident highlights the vulnerability of financial information in electronic systems and the potential risks associated with data breaches.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 27, 2016. The breach occurred on April 23, 2015, due to unauthorized access to a third-party service provider, potentially compromising the account information of some Card Members, including names and card numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 26, 2015. The breach occurred on April 12, 2014, due to unauthorized access to a merchant's website, potentially exposing Cardmembers' American Express Card account numbers, names, and other card information, while Social Security numbers were not affected.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 22, 2015. The breach involved unauthorized access to a payment processing system, leading to potential access of account information for some Card Members, including names and addresses, but not Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 19, 2013. The breach occurred on February 1, 2013, and involved unauthorized access to data files that included Card account numbers and holder names, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on August 14, 2012. The breach occurred on March 2, 2012, due to unauthorized access to merchant data files potentially exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates (AXP) on November 30, 2012. The recovered data reportedly included American Express Card account numbers, names, expiration dates, and Social Security numbers, but the exact number of individuals affected and the specific method of the breach are unknown.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported on December 19, 2014, that American Express Travel Related Services Company, Inc. experienced a data breach on July 11, 2011. The incident involved unauthorized access to a merchant's website which potentially exposed American Express Card account numbers and names, although Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: In May 2008, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant’s data files. The incident, reported by the California Office of the Attorney General on November 12, 2015, exposed American Express Card account numbers and related transaction details. While the breach did not compromise Social Security numbers, the exact number of affected individuals remains undisclosed. The unauthorized access suggests a failure in securing third-party merchant systems, potentially allowing attackers to harvest payment card information. Such breaches often lead to financial fraud risks for cardholders, including unauthorized transactions or identity theft attempts. The delayed disclosure (over seven years later) further highlights gaps in incident response and regulatory compliance. Although no direct evidence of misuse was reported, the exposure of card data alone poses significant reputational and operational risks for American Express, eroding customer trust and potentially incurring regulatory penalties.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company Inc.** in February 2013, originating from an incident on **December 30, 2011**. The breach exposed **Cardmember account numbers, names, and expiration dates**, though **Social Security numbers remained uncompromised**. The exact number of impacted individuals was not disclosed, leaving the scale of exposure uncertain.The exposed data—primarily financial in nature—poses risks such as **fraudulent transactions, identity theft (limited to payment card details), and potential reputational harm** to both customers and the company. While no direct financial losses or systemic disruptions were reported, the breach underscores vulnerabilities in **payment card security protocols**, raising concerns over **customer trust erosion** and **regulatory scrutiny**. The absence of Social Security numbers mitigates severe identity theft risks, but the exposure of **payment card details** still aligns with financial-reputation threats typical of targeted cyber incidents in the financial sector.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** in May 2014. The incident involved the unauthorized exposure of **American Express Card account information**, specifically **card account numbers and expiration dates**. However, **Social Security numbers remained unaffected**, and the exact timeline of the breach, along with the number of impacted individuals, was not publicly disclosed. While the breach did not result in the compromise of highly sensitive personal identifiers (e.g., Social Security numbers), the exposure of **payment card details** poses risks such as **potential fraudulent transactions, phishing attempts, or identity theft targeting cardholders**. Financial institutions and affected customers would likely face **reputational concerns**, increased scrutiny over security protocols, and possible **financial losses** due to fraudulent activities linked to the exposed data. The breach underscores vulnerabilities in payment system protections, though the absence of broader personal data (e.g., SSNs) limits the severity compared to more extensive leaks.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On August 24, 2012, American Express Travel Related Services Company, Inc. experienced a data breach due to unauthorized access to a merchant's website. The incident, reported by the California Office of the Attorney General on February 19, 2013, resulted in the compromise of American Express Card account numbers, cardholder names, and other payment-related details. However, Social Security numbers were not affected, and the exact number of impacted individuals remains undisclosed. The breach stemmed from a vulnerability in the merchant’s system, allowing attackers to exploit weaknesses and gain access to sensitive cardholder data. While the exposed information could potentially facilitate fraudulent transactions or identity theft, the absence of Social Security numbers or broader personal identifiers limited the severity of the long-term consequences. American Express likely initiated containment measures, including notifying affected customers and collaborating with law enforcement to mitigate risks. The incident underscores the persistent threats posed by cybercriminals targeting payment systems, emphasizing the need for robust security protocols across third-party vendors.
American Express Travel Related Services Company, Inc
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General disclosed a data breach affecting **American Express** in January 2016, stemming from an incident in **November 2014**. The breach involved unauthorized access to a **third-party service provider’s system**, exposing sensitive customer data. Compromised information included **American Express Card account numbers, cardholder names, and other card-related details** of certain Card Members. While the exact scale of the breach was not specified, the exposure of financial data posed risks of fraud, identity theft, and reputational harm to affected customers. The incident highlighted vulnerabilities in third-party vendor security, raising concerns about supply chain risks in payment processing ecosystems. American Express likely faced regulatory scrutiny, potential financial liabilities, and erosion of customer trust due to the exposure of payment card information.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: In December 2014, the California Office of the Attorney General disclosed a data breach affecting **American Express Travel Related Services Company, Inc.** The incident involved unauthorized access to a merchant’s data files, potentially exposing **American Express Card account numbers and associated card details**. While the breach compromised payment-related information, it did **not** include more sensitive data such as **Social Security numbers**. The exposure primarily impacted financial transaction data, raising concerns over potential fraudulent activity linked to the compromised card details. Although no evidence of misuse was immediately reported, the breach posed risks to cardholders, including unauthorized transactions or identity fraud attempts tied to the exposed payment information. The incident highlighted vulnerabilities in third-party merchant systems handling American Express card data, prompting notifications to affected individuals and regulatory scrutiny.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on September 24, 2014. The breach exposed American Express Card information, but it was confirmed that Social Security numbers were not impacted. This incident highlights the vulnerability of financial information in cyber attacks, emphasizing the need for robust security measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 15, 2015. Unauthorized access to a merchant's website files potentially affected American Express Card account numbers and other card information, but Social Security numbers were not impacted.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach at American Express Travel Related Services Company, Inc. on February 2, 2012. The breach involved unauthorized access to data files, exposing Card account numbers, names, and expiration dates. Social Security numbers were not impacted. The number of individuals affected is unknown. This incident highlights the vulnerability of financial information and the importance of robust cybersecurity measures to protect sensitive data.
American Express Company
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on December 19, 2012, involving unauthorized access to a merchant's website. Approximately UNKN individuals were potentially affected, with the compromised data including American Express Card account numbers and names, but not Social Security numbers.
American Express National Bank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: American Express National Bank experienced a data breach on **February 19, 2025**, resulting in the **inadvertent exposure of personal information** to an unauthorized third party. While the exact nature of the compromised data remains undisclosed, the incident suggests a failure in security protocols that allowed sensitive customer or employee information to be accessed without authorization. Such breaches typically raise concerns over **identity theft, financial fraud, or reputational damage**, depending on the scope of the exposed data. The lack of clarity on the specific types of information leaked (e.g., financial records, personally identifiable information, or internal documents) complicates risk assessment, but the breach inherently signals **operational vulnerabilities** within the bank’s cybersecurity framework. Customers may face heightened scrutiny over potential misuse of their data, while the bank could encounter **regulatory penalties, loss of trust, and financial liabilities** tied to remediation efforts. The incident underscores the critical need for robust data protection measures, particularly in financial institutions handling high volumes of sensitive transactions.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 23, 2013. The breach occurred on January 15, 2013, and involved unauthorized access to a payment processing service, potentially exposing account information of some Cardmembers including names, card numbers, expiration dates, and security codes, although Social Security numbers were not impacted.
American Express Travel Related Services Company, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on February 23, 2016. The breach involved illegally obtained personal and account information that may have included Card Members' account numbers and personal details; however, the exact information compromised is currently unknown.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on July 27, 2015. The breach occurred on February 1, 2015, involving unauthorized access to a payment processing system, potentially affecting account information of Cardmembers, including names and Card account numbers.
American Express Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach by American Express Travel Related Services Company, Inc. on January 7, 2016. The breach occurred on October 18, 2014, involving unauthorized access to merchant data files that potentially included customer names, American Express Card account numbers, and expiration dates. The exact number of affected individuals and other specific details are unknown.
American Express
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: An unknown hacker leaked the personal data of about 10,000 American Express credit cardholders. The leaked data include account numbers, names, full addresses, phone numbers, date of birth, gender, and other personally identifiable information. Amex immediately took action and alerted the affected customers to be alerted for any fraudulent activities.
American Express
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: American Express is alerting customers to the possibility that a security compromise at a third-party service provider has exposed their payment card information. American Express claims that hackers may have taken data connected to cards that were issued in the past or are now in use. Account numbers, names, and expiration dates are among the pieces of information that were obtained by unauthorised individuals. The business clarifies that this event did not affect any systems owned or controlled by American Express, and that this alert is being sent merely as a precaution. American Express emphasised that the incident had no effect on its financial systems and that it continues to monitor fraudulent activity that could potentially harm cardholders in order to prevent exploitation.
American Express Travel Related Services Company
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company on November 18, 2022. The breach occurred on July 26, 2022, when a third-party service provider was victimized by a cyber attack, potentially impacting customer information, though specific details about the compromised data are unknown.
American Express Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for American Express
Incidents vs Financial Services Industry Average (This Year)
American Express has 21.95% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
American Express has 29.87% more incidents than the average of all companies with at least one recorded incident.
Incident Types American Express vs Financial Services Industry Avg (This Year)
American Express reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — American Express (X = Date, Y = Severity)
American Express cyber incidents detection timeline including parent company and subsidiaries
American Express Company Subsidiaries
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly striving to uphold our powerful backing promise to our customers and each other every day. These beliefs have been our North Star for 170 years as our business transformed – from helping evacuate travelers during World Wars, to ensuring the safety of our customers’ funds during the Great Depression in the U.S., to creating the Shop Small® movement to help small businesses recover from the Financial Crisis, to providing aid to communities impacted by many natural disasters and so much more. For generations, the key to our success has been the determination and resilience of our American Express colleagues. Now, as a globally integrated payments company, we work together to provide customers with access to products, insights and world-class experiences that enrich lives and build business success. Join us and let’s lead the way together. Learn more about us at: https://www.americanexpress.com/careers https://www.americanexpress.com/ https://www.facebook.com/AmericanExpressUS https://www.instagram.com/americanexpress/ https://twitter.com/americanexpress https://www.youtube.com/user/AmericanExpress See our community guidelines at: https://www.americanexpress.com/en-us/company/community-guidelines/ If you have a customer service issue or question, please visit www.americanexpress.com/contactus
Loading...
American Express Similar Companies
CTF Services Limited
Listed on The Stock Exchange of Hong Kong Limited, CTF Services Limited (Hong Kong Stock Code: 659) is a conglomerate with a diversified portfolio of market-leading businesses, predominantly in Hong Kong and the Mainland. The Group’s businesses include toll roads, construction, insurance, logistics
MUFG
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. T
J.P. Morgan
J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built
Bajaj Finserv
Founded in April 2007, Bajaj Finserv is the financial arm of the Bajaj group. We believe in a simple philosophy to never settle for good and go for great. This reflects in our extensive product portfolio that spans across 3 broad categories- lending, insurance and wealth advisory. With 24 products s
Moody's Analytics
In an era where risks are multiplying and increasingly interconnected, Moody’s helps organizations make sense of the complexities. By combining data, intelligence, and risk expertise with groundbreaking technologies and a seamless customer experience, we deliver relevant insights on interconnected r
XP Inc.
A XP Inc. é uma das maiores instituições financeiras independente do Brasil, dona das marcas XP, Rico, Clear, XP Educação, InfoMoney, entre outras. Com mais de 4,6 milhões de clientes ativos e um valor superior a R$ 1,1 trilhão de ativos sob custódia, há 23 anos vem transformando o mercado financeir
Fannie Mae
Fannie Mae creates opportunities for people to buy, refinance, or rent a home. We are a leading source of mortgage financing in all markets and at all times. We ensure the availability of affordable mortgage loans. The financing solutions we develop make homeownership and workforce rental housing a
PT. Pegadaian
PT Pegadaian didirikan di kota Sukabumi, Jawa Barat pada 1 April 1901. Tak hanya bergerak di Industri Gadai, Pegadaian juga memiliki ragam produk dan layanan seperti investasi berbasis emas yang dapat dimiliki oleh masyarakat dengan cara yang mudah, diantaranya Tabungan Emas, Cicil Emas dan Arisan
Barclays Investment Bank
Barclays Investment Bank deploys financial solutions to help our clients with their funding, financing, strategic and risk management needs across sectors, markets and economies. The Investment Bank is comprised of the Investment Banking, International Corporate Banking, Global Markets and Researc
.png)
American Express CyberSecurity News
October 18, 2025 07:00 AM
Inside one man’s mission to reveal the truth about American Express
Smith complained internally and even reached out to Amex's individual lawyers on LinkedIn, desperate to draw their attention to what he...
October 15, 2025 07:00 AM
‘Sensitive personal information’: Leaked report reveals American Express security failures
The privacy watchdog wants American Express to overhaul its technology systems after a lengthy investigation found they were exposed to...
October 13, 2025 07:00 AM
Will American Express Stock Move On Earnings?
American Express revenues are expected to reach $18 billion, reflecting an 8.5% increase year-over-year while earnings are anticipated to be...
October 07, 2025 07:00 AM
Amex At 175 Years Old: Why Gen Z Is Saying “Member Since”
American Express is driving innovation even more intentionally as a mature brand focused on winning the next generation of travel consumers.
October 07, 2025 07:00 AM
Data Breach at Red Hat Exposes Thousands of High-Profile Clients
Open-source giant Red Hat confirmed that a previously unknown extortion group calling itself “Crimson Collective” had stolen sensitive...
October 06, 2025 07:00 AM
Hackers steal sensitive Red Hat customer data after breaching GitLab repository
Walmart, American Express and HSBC are among the companies that have had sensitive data exposed.
October 03, 2025 07:00 AM
Red Hat GitLab Data Breach: The Crimson Collective's Attack
This breach exposed 570GB of data from 28000 repositories, affecting 800+ organizations. Crimson Collective leaked Customer Engagement...
September 19, 2025 07:00 AM
CrowdStrike Honors Top Customers and Partners Driving Innovation in AI-Powered Cybersecurity
CrowdStrike (NASDAQ: CRWD) today announced the winners of its 2025 Protectors Awards and Global Partner Awards, presented during Fal.
September 15, 2025 07:00 AM
American Express Travel Launches App To Simplify The Booking Journey
American Express Travel Research leads to a simplified travel booking experience. Will this improved experience unlock growth?
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
American Express CyberSecurity History Information
Official Website of American Express
The official website of American Express is https://www.americanexpress.com/.
American Express’s AI-Generated Cybersecurity Score
According to Rankiteo, American Express’s AI-generated cybersecurity score is 706, reflecting their Moderate security posture.
How many security badges does American Express’ have ?
According to Rankiteo, American Express currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does American Express have SOC 2 Type 1 certification ?
According to Rankiteo, American Express is not certified under SOC 2 Type 1.
Does American Express have SOC 2 Type 2 certification ?
According to Rankiteo, American Express does not hold a SOC 2 Type 2 certification.
Does American Express comply with GDPR ?
According to Rankiteo, American Express is not listed as GDPR compliant.
Does American Express have PCI DSS certification ?
According to Rankiteo, American Express does not currently maintain PCI DSS compliance.
Does American Express comply with HIPAA ?
According to Rankiteo, American Express is not compliant with HIPAA regulations.
Does American Express have ISO 27001 certification ?
According to Rankiteo,American Express is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of American Express
American Express operates primarily in the Financial Services industry.
Number of Employees at American Express
American Express employs approximately 79,764 people worldwide.
Subsidiaries Owned by American Express
American Express presently has no subsidiaries across any sectors.
American Express’s LinkedIn Followers
American Express’s official LinkedIn profile has approximately 2,809,257 followers.
NAICS Classification of American Express
American Express is classified under the NAICS code 52, which corresponds to Finance and Insurance.
American Express’s Presence on Crunchbase
No, American Express does not have a profile on Crunchbase.
American Express’s Presence on LinkedIn
Yes, American Express maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/american-express.
Cybersecurity Incidents Involving American Express
As of December 11, 2025, Rankiteo reports that American Express has experienced 50 cybersecurity incidents.
Number of Peer and Competitor Companies
American Express has an estimated 30,346 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at American Express ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does American Express detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with alerted affected customers to monitor for fraudulent activities, and communication strategy with alerting customers as a precaution, and enhanced monitoring with continuous monitoring for fraudulent activity, and and and law enforcement notified with yes (california office of the attorney general), and law enforcement notified with yes (california attorney general), and communication strategy with public disclosure via california office of the attorney general, and communication strategy with public disclosure via california office of the attorney general, and law enforcement notified with yes (california office of the attorney general), and communication strategy with notification letters sent to affected parties..
Incident Details
Can you provide details on each incident ?
Title: American Express Data Leak
Description: An unknown hacker leaked the personal data of about 10,000 American Express credit cardholders. The leaked data include account numbers, names, full addresses, phone numbers, date of birth, gender, and other personally identifiable information. Amex immediately took action and alerted the affected customers to be alerted for any fraudulent activities.
Type: Data Breach
Attack Vector: Unknown
Threat Actor: Unknown Hacker
Title: American Express Data Breach
Description: American Express is alerting customers to the possibility that a security compromise at a third-party service provider has exposed their payment card information.
Type: Data Breach
Attack Vector: Third-party service provider compromise
Threat Actor: Unauthorized individuals
Title: American Express Travel Related Services Company, Inc. Data Breach
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach on July 7, 2020, involving American Express Travel Related Services Company, Inc. The breach affected 1 resident and involved compromised electronic records including credit and debit numbers.
Date Publicly Disclosed: 2020-07-07
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on January 26, 2016. The breach occurred on September 23, 2015, affecting certain Card Members' account information, including account numbers and names. The specific number of individuals affected is unknown.
Date Detected: 2016-01-26
Date Publicly Disclosed: 2016-01-26
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to merchant data files that potentially included customer names, American Express Card account numbers, and expiration dates.
Date Detected: 2016-01-07
Date Publicly Disclosed: 2016-01-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a payment processing service, potentially exposing account information of some Cardmembers including names, card numbers, expiration dates, and security codes.
Date Detected: 2013-01-15
Date Publicly Disclosed: 2013-08-23
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on March 1, 2013, that American Express experienced a data breach involving its Cardmembers' information being recovered during a law enforcement investigation. The breach reportedly included American Express Card account numbers and names, but did not compromise Social Security numbers.
Date Detected: 2013-03-01
Date Publicly Disclosed: 2013-03-01
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to data files exposing Card account numbers, names, and expiration dates.
Date Detected: 2012-02-02
Date Publicly Disclosed: 2012-09-11
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on July 12, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach resulting in the recovery of American Express Card information, including account numbers, names, and expiration dates. Social Security numbers were not impacted, and there was no indication of unauthorized activity.
Date Detected: 2012-07-12
Date Publicly Disclosed: 2012-07-12
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates (AXP) on November 30, 2012. The recovered data reportedly included American Express Card account numbers, names, expiration dates, and Social Security numbers, but the exact number of individuals affected and the specific method of the breach are unknown.
Date Detected: 2012-11-30
Date Publicly Disclosed: 2012-11-30
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on August 27, 2014. The breach is related to the recovery of American Express Card information, but the exact method of the breach and the number of individuals affected is unknown.
Date Detected: 2014-08-27
Date Publicly Disclosed: 2014-08-27
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on September 24, 2014. The notification letter indicated that the breach involved exposure of American Express Card information but confirmed that Social Security numbers were not impacted.
Date Detected: 2014-09-24
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a payment processing system, potentially affecting account information of Cardmembers, including names and Card account numbers.
Date Detected: 2015-07-27
Date Publicly Disclosed: 2015-07-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other Card information.
Date Detected: 2011-02-15
Date Publicly Disclosed: 2015-07-21
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's data files, exposing American Express Card account numbers, names, and expiration dates.
Date Detected: 2012-04-02
Date Publicly Disclosed: 2012-09-13
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 2, 2014, which potentially compromised account information of an unknown number of Card Members. The breach was reported on January 28, 2016, and involved compromised card numbers, names, and expiration dates.
Date Detected: 2014-06-02
Date Publicly Disclosed: 2016-01-28
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on June 3, 2012. The breach involved unauthorized access to a merchant's website files which potentially exposed American Express Card account numbers, names, and other card information, affecting an unspecified number of individuals.
Date Detected: 2012-06-03
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company on November 18, 2022. The breach occurred on July 26, 2022, when a third-party service provider was victimized by a cyber attack, potentially impacting customer information, though specific details about the compromised data are unknown.
Date Detected: 2022-07-26
Date Publicly Disclosed: 2022-11-18
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a payment processing system, potentially exposing account information for some Card Members, including names and addresses, but not Social Security numbers.
Date Publicly Disclosed: 2015-07-22
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website files potentially exposed American Express Card account numbers and names.
Date Detected: 2013-05-28
Date Publicly Disclosed: 2013-12-12
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The incident involved the recovery of American Express Card account information, including card numbers and expiration dates; however, Social Security numbers were not affected.
Date Publicly Disclosed: 2013-09-23
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc on July 3, 2013. The breach involved the recovery of American Express Card information, including account numbers, names, and Social Security numbers, although the breach date was not specified.
Date Publicly Disclosed: 2013-07-03
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on April 9, 2013, which was reported on May 2, 2013. The breach involved the recovery of American Express Card information, including account numbers and names, but Social Security numbers were not impacted.
Date Detected: 2013-04-09
Date Publicly Disclosed: 2013-05-02
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on January 7, 2014, that American Express Travel Related Services Company, Inc and/or its Affiliates experienced a data breach involving the recovery of American Express Card information. The breach included card account numbers and names but did not compromise Social Security numbers, and no specific number of individuals affected was provided.
Date Publicly Disclosed: 2014-01-07
Type: Data Breach
Title: American Express Data Breach
Description: The California Office of the Attorney General reported on October 10, 2012, that American Express Travel Related Services Company, Inc. experienced a data breach involving American Express Card information. The affected data included Card account numbers, names, and expiration dates, but Social Security numbers were not compromised; the specific number of individuals affected is unknown.
Date Publicly Disclosed: 2012-10-10
Type: Data Breach
Title: American Express Data Breach
Description: A data breach involving American Express Travel Related Services Company, Inc. compromised account information of some cardholders, including card numbers and names.
Date Detected: 2016-03-10
Date Publicly Disclosed: 2016-03-10
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a merchant's website potentially exposed Cardmembers' American Express Card account numbers, names, and other card information.
Date Detected: 2014-04-12
Date Publicly Disclosed: 2015-08-26
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on November 6, 2012, affecting potentially compromised American Express Card account information. The breach occurred on November 6, 2011, and while card account numbers and card expiration dates were impacted, Social Security numbers were not compromised. The specific number of affected individuals remains unknown.
Date Detected: 2012-11-06
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to merchant data files potentially exposing American Express Card account numbers, names, and expiration dates, but not Social Security numbers.
Date Detected: 2012-08-14
Date Publicly Disclosed: 2012-08-14
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on March 22, 2015, which affected Card Members' account information. The breach was reported on January 7, 2016, and involved unauthorized access to a third-party service provider's system, but specifics about the number of individuals affected were not provided.
Date Detected: 2015-03-22
Date Publicly Disclosed: 2016-01-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc and/or its Affiliates on February 23, 2016. The breach involved illegally obtained personal and account information that may have included Card Members' account numbers and personal details; however, the exact information compromised is currently unknown.
Date Detected: 2016-02-23
Date Publicly Disclosed: 2016-02-23
Type: Data Breach
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to data files that included Card account numbers and holder names, but Social Security numbers were not impacted.
Date Detected: 2013-02-01
Date Publicly Disclosed: 2013-07-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on January 27, 2016. The breach occurred on April 23, 2015, due to unauthorized access to a third-party service provider, potentially compromising the account information of some Card Members, including names and card numbers.
Date Detected: 2016-01-27
Date Publicly Disclosed: 2016-01-27
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Third-party service provider
Title: American Express Travel Related Services Company Data Breach
Description: A data breach involving American Express Travel Related Services Company, Inc. was reported by the California Office of the Attorney General on August 28, 2015. The breach involved a merchant theft that potentially exposed American Express Card account numbers, names, and Card information, but did not compromise Social Security numbers.
Date Publicly Disclosed: 2015-08-28
Type: Data Breach
Attack Vector: Merchant Theft
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's website files compromising American Express card account numbers, names, and other card information.
Date Detected: 2014-10-01
Date Publicly Disclosed: 2014-10-01
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers, names, and other card information, but not Social Security numbers.
Date Detected: 2011-03-13
Date Publicly Disclosed: 2014-08-07
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Data Breach
Description: Unauthorized access to a merchant's website compromised American Express Card account numbers and names.
Date Detected: 2012-12-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Travel Related Services Company Data Breach
Description: Unauthorized access to a merchant's website files potentially affected American Express Card account numbers and other card information, but Social Security numbers were not impacted.
Date Detected: 2015-01-15
Date Publicly Disclosed: 2015-01-15
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website potentially exposed American Express Card account numbers and names.
Date Detected: 2011-07-11
Date Publicly Disclosed: 2014-12-19
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: Unauthorized access to a merchant's website, potentially exposing American Express Card account numbers and other card information.
Date Detected: 2012-01-17
Date Publicly Disclosed: 2013-08-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express Data Breach
Description: The California Office of the Attorney General reported that American Express Travel Related Services Company, Inc. experienced a data breach on May 21, 2012. The breach potentially exposed American Express Card account numbers, names, and expiration dates, affecting an unknown number of individuals. However, Social Security numbers were not compromised.
Date Detected: 2012-05-21
Type: Data Breach
Title: American Express Data Breach
Description: American Express Travel Related Services Company, Inc. experienced a data breach wherein American Express Card information, including account numbers and names, was recovered during a law enforcement investigation.
Date Publicly Disclosed: 2014-07-25
Type: Data Breach
Title: American Express Travel Related Services Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on December 12, 2012. The breach occurred on November 1, 2010, and resulted in unauthorized access to a merchant's website, potentially compromising American Express Card account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2012-12-12
Date Publicly Disclosed: 2012-12-12
Type: Data Breach
Attack Vector: Unauthorized Access
Title: American Express National Bank Data Breach - February 2025
Description: The American Express National Bank reported a data breach involving a security incident that occurred on February 19, 2025, which resulted in the inadvertent disclosure of personal information to an unauthorized third party. The specific types of information compromised are currently unknown.
Type: Data Breach
Title: American Express Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. on May 29, 2014. The breach potentially exposed American Express Card account information, including the card account number and expiration date, but Social Security numbers were not impacted. The specific date of the breach and the number of affected individuals are unknown.
Date Publicly Disclosed: 2014-05-29
Type: Data Breach
Title: American Express Data Breach (2011-2013)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company Inc. on February 5, 2013. The breach occurred on December 30, 2011, potentially affecting Cardmember account numbers, names, and expiration dates, but not Social Security numbers. The number of affected individuals is unknown.
Date Detected: 2011-12-30
Date Publicly Disclosed: 2013-02-05
Type: Data Breach
Title: American Express Data Breach via Merchant Website (2012)
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. The breach occurred due to unauthorized access to a merchant's website, compromising American Express Card account numbers, names, and other card information (excluding Social Security numbers). The number of affected individuals remains unknown.
Date Detected: 2012-08-24
Date Publicly Disclosed: 2013-02-19
Type: data breach
Attack Vector: unauthorized access to third-party merchant website
Title: American Express Data Breach (2008)
Description: The California Office of the Attorney General reported a data breach by American Express Travel Related Services Company, Inc. on November 12, 2015. The breach occurred on May 5, 2008, due to unauthorized access to a merchant's data files, potentially exposing American Express Card account numbers and related information, while Social Security numbers were not impacted. The number of affected individuals is unknown.
Date Detected: 2008-05-05
Date Publicly Disclosed: 2015-11-12
Type: Data Breach
Attack Vector: Unauthorized access to merchant's data files
Title: American Express Data Breach via Third-Party Service Provider
Description: The California Office of the Attorney General reported a data breach involving American Express Travel Related Services Company, Inc. and/or its Affiliates. The breach occurred due to unauthorized access to a third-party service provider's system, potentially compromising American Express Card account numbers, names, and card information of some Card Members.
Date Publicly Disclosed: 2016-01-26
Type: Data Breach
Attack Vector: Third-Party Compromise
Title: American Express Merchant Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach incident involving American Express Travel Related Services Company, Inc and/or its Affiliates. Unauthorized access to a merchant's data files may have exposed American Express Card account numbers and Card information, but did not affect Social Security numbers.
Date Publicly Disclosed: 2014-12-19
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party service provider's system.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AME234915422
Data Compromised: Account numbers, Names, Full addresses, Phone numbers, Date of birth, Gender
Incident : Data Breach AME1751261023
Data Compromised: Account numbers, Names, Expiration dates
Payment Information Risk: True
Incident : Data Breach AME637071625
Data Compromised: Credit and debit numbers
Incident : Data Breach AME435072425
Data Compromised: Account numbers, Names
Incident : Data Breach AME844072525
Data Compromised: Customer names, American express card account numbers, Expiration dates
Incident : Data Breach AME315072525
Data Compromised: Names, Card numbers, Expiration dates, Security codes
Payment Information Risk: True
Incident : Data Breach AME519072525
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME336072625
Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME425072625
Data Compromised: Account numbers, Names, Expiration dates
Incident : Data Breach AME601072625
Data Compromised: American express card account numbers, Names, Expiration dates, Social security numbers
Incident : Data Breach AME908072625
Data Compromised: American express card information
Incident : Data Breach AME217072625
Data Compromised: American express card information
Incident : Data Breach AME317072625
Data Compromised: Names, Card account numbers
Systems Affected: Payment processing system
Incident : Data Breach AME446072625
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME957072625
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME443072625
Data Compromised: Card numbers, Names, Expiration dates
Incident : Data Breach AME159072725
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME441072725
Data Compromised: Names, Addresses
Systems Affected: Payment Processing System
Incident : Data Breach AME506072725
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME617072725
Data Compromised: Card numbers, Expiration dates
Payment Information Risk: True
Incident : Data Breach AME955072725
Data Compromised: Account numbers, Names, Social security numbers
Incident : Data Breach AME203072725
Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME306072725
Data Compromised: Card account numbers, Names
Incident : Data Breach AME505072725
Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME514072725
Data Compromised: Card numbers, Names
Incident : Data Breach AME223072725
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME401072725
Data Compromised: Card account numbers, Card expiration dates
Incident : Data Breach AME218072825
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME701072825
Data Compromised: Card Members' account information
Incident : Data Breach AME157072825
Data Compromised: Card members' account numbers, Personal details
Incident : Data Breach AME342072825
Data Compromised: Card account numbers, Holder names
Incident : Data Breach AME824072825
Data Compromised: Account information, Names, Card numbers
Incident : Data Breach AME120072925
Data Compromised: American express card account numbers, Names, Card information
Incident : Data Breach AME201072925
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME245072925
Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME527072925
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME949080425
Data Compromised: American express card account numbers, Other card information
Payment Information Risk: True
Incident : Data Breach AME209080425
Data Compromised: American express card account numbers, Names
Incident : Data Breach AME706080425
Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME223080425
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME528080425
Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME413080525
Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME038090625
Data Compromised: Unknown (personal information)
Identity Theft Risk: Potential (due to personal information exposure)
Incident : Data Breach AME041090625
Data Compromised: Card account number, Expiration date
Identity Theft Risk: Low (no Social Security numbers impacted)
Payment Information Risk: High (card account details exposed)
Incident : Data Breach AME954091725
Data Compromised: Cardmember account numbers, Names, Expiration dates
Identity Theft Risk: Low (no Social Security numbers compromised)
Payment Information Risk: High (account numbers and expiration dates exposed)
Incident : data breach AME956091725
Data Compromised: Card account numbers, Cardholder names, Other card information (excluding ssns)
Systems Affected: merchant's website
Identity Theft Risk: potential (card information exposed)
Payment Information Risk: high (card account numbers compromised)
Incident : Data Breach AME1005091725
Data Compromised: American express card account numbers, Related information
Payment Information Risk: American Express Card account numbers
Incident : Data Breach AME001091825
Data Compromised: American express card account numbers, Names, Card information
Systems Affected: Third-party service provider's system
Identity Theft Risk: Potential
Payment Information Risk: High
Incident : Data Breach AME028091825
Data Compromised: American express card account numbers, Card information
Identity Theft Risk: Low (no Social Security numbers exposed)
Payment Information Risk: High (Card account numbers and information exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Account Numbers, Names, Expiration Dates, , Credit And Debit Numbers, , Account Numbers, Names, , Customer Names, American Express Card Account Numbers, Expiration Dates, , Names, Card Numbers, Expiration Dates, Security Codes, , American Express Card Account Numbers, Names, , Card Account Numbers, Names, Expiration Dates, , Account Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, Social Security Numbers, , American Express Card Information, , American Express Card information, Names, Card Account Numbers, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Account Numbers, Names, Expiration Dates, , Card Numbers, Names, Expiration Dates, , American Express Card Account Numbers, Names, Other Card Information, , Names, Addresses, , American Express Card Account Numbers, Names, , Card Numbers, Expiration Dates, , Account Numbers, Names, Social Security Numbers, , American Express Card Information, Account Numbers, Names, , Card Account Numbers, Names, , Card Account Numbers, Names, Expiration Dates, , Card Numbers, Names, , American Express Card Account Numbers, Names, Other Card Information, , Card Account Numbers, Card Expiration Dates, , American Express Card Account Numbers, Names, Expiration Dates, , Card Members' account information, Card Members' Account Numbers, Personal Details, , Card Account Numbers, Holder Names, , Account Information, Names, Card Numbers, , American Express Card Account Numbers, Names, Card Information, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Account Numbers, Names, Other Card Information, , American Express Card Account Numbers, Names, , American Express Card Account Numbers, Other Card Information, , American Express Card Account Numbers, Names, , American Express Card Account Numbers, Other Card Information, , American Express Card Account Numbers, Names, Expiration Dates, , American Express Card Information, Account Numbers, Names, , American Express Card Account Numbers, Names, Expiration Dates, , Personal information (specific types unknown), Card Account Number, Expiration Date, , Cardmember Account Numbers, Names, Expiration Dates, , Payment Card Data, Personal Identifiers (Names), , American Express Card Account Numbers, Related Information, , Payment Card Data, Personally Identifiable Information (Pii), , Card Account Numbers, Card Information and .
Which entities were affected by each incident ?
Incident : Data Breach AME234915422
Entity Name: American Express
Entity Type: Financial Services
Industry: Credit Card Services
Customers Affected: 10,000
Incident : Data Breach AME1751261023
Entity Name: American Express
Entity Type: Credit Card Company
Industry: Financial Services
Incident : Data Breach AME637071625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Private Company
Industry: Financial Services
Customers Affected: 1
Incident : Data Breach AME435072425
Entity Name: American Express Travel Related Services Company, Inc
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME844072525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME315072525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME519072525
Entity Name: American Express
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME336072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: UNKN
Incident : Data Breach AME425072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Financial Services
Industry: Financial Services
Incident : Data Breach AME601072625
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates (AXP)
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME908072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME217072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Location: California
Incident : Data Breach AME317072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME446072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME957072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME443072625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: unknown number of Card Members
Incident : Data Breach AME159072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME345072725
Entity Name: American Express Travel Related Services Company
Entity Type: Company
Industry: Travel Services
Incident : Data Breach AME441072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME506072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME617072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME955072725
Entity Name: American Express Travel Related Services Company, Inc
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME203072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME306072725
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME505072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME514072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME223072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME401072725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME218072825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME701072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME157072825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME342072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME824072825
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME120072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME201072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME245072925
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME527072925
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: UNKN
Incident : Data Breach AME949080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME209080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME706080425
Entity Name: American Express Travel Related Services Company, Inc. and/or its Affiliates
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME223080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: Unknown number of individuals
Incident : Data Breach AME528080425
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME413080525
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Company
Industry: Financial Services
Incident : Data Breach AME038090625
Entity Name: American Express National Bank
Entity Type: Financial Institution
Industry: Banking/Financial Services
Location: United States
Incident : Data Breach AME041090625
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Corporation
Industry: Financial Services
Location: United States (California)
Incident : Data Breach AME954091725
Entity Name: American Express Travel Related Services Company Inc.
Entity Type: Corporation
Industry: Financial Services
Location: United States (California)
Customers Affected: Unknown
Incident : data breach AME956091725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: financial services
Industry: payments/credit cards
Location: United States (California breach report)
Customers Affected: unknown
Incident : data breach AME956091725
Entity Name: Unnamed merchant (third-party)
Entity Type: e-commerce/retail
Incident : Data Breach AME1005091725
Entity Name: American Express Travel Related Services Company, Inc.
Entity Type: Financial Services
Industry: Financial Services / Credit Cards
Location: United States (California)
Customers Affected: Unknown
Incident : Data Breach AME001091825
Entity Name: American Express Travel Related Services Company, Inc. and/or its Affiliates
Entity Type: Financial Services
Industry: Payments / Credit Cards
Location: United States (California reported)
Incident : Data Breach AME001091825
Entity Name: Unnamed Third-Party Service Provider
Entity Type: Service Provider
Incident : Data Breach AME028091825
Entity Name: American Express Travel Related Services Company, Inc and/or its Affiliates
Entity Type: Financial Services
Industry: Payments / Credit Cards
Location: United States (California)
Incident : Data Breach AME028091825
Entity Name: Unspecified Merchant (third-party)
Entity Type: Merchant
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach AME234915422
Communication Strategy: Alerted affected customers to monitor for fraudulent activities
Incident : Data Breach AME1751261023
Communication Strategy: Alerting customers as a precaution
Enhanced Monitoring: Continuous monitoring for fraudulent activity
Incident : Data Breach AME519072525
Incident : Data Breach AME528080425
Incident : Data Breach AME954091725
Law Enforcement Notified: Yes (California Office of the Attorney General)
Incident : data breach AME956091725
Law Enforcement Notified: yes (California Attorney General)
Incident : Data Breach AME1005091725
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach AME001091825
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach AME028091825
Law Enforcement Notified: Yes (California Office of the Attorney General)
Communication Strategy: Notification letters sent to affected parties
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AME234915422
Type of Data Compromised: Personal information
Number of Records Exposed: 10,000
Sensitivity of Data: High
Personally Identifiable Information: Account numbersNamesFull addressesPhone numbersDate of birthGender
Incident : Data Breach AME1751261023
Type of Data Compromised: Account numbers, Names, Expiration dates
Sensitivity of Data: High
Incident : Data Breach AME637071625
Type of Data Compromised: Credit and debit numbers
Number of Records Exposed: 1
Incident : Data Breach AME435072425
Type of Data Compromised: Account numbers, Names
Incident : Data Breach AME844072525
Type of Data Compromised: Customer names, American express card account numbers, Expiration dates
Incident : Data Breach AME315072525
Type of Data Compromised: Names, Card numbers, Expiration dates, Security codes
Sensitivity of Data: High
Incident : Data Breach AME519072525
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME336072625
Type of Data Compromised: Card account numbers, Names, Expiration dates
Number of Records Exposed: UNKN
Incident : Data Breach AME425072625
Type of Data Compromised: Account numbers, Names, Expiration dates
Incident : Data Breach AME601072625
Type of Data Compromised: American express card account numbers, Names, Expiration dates, Social security numbers
Sensitivity of Data: High
Incident : Data Breach AME908072625
Type of Data Compromised: American express card information
Incident : Data Breach AME217072625
Type of Data Compromised: American Express Card information
Incident : Data Breach AME317072625
Type of Data Compromised: Names, Card account numbers
Incident : Data Breach AME446072625
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME957072625
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME443072625
Type of Data Compromised: Card numbers, Names, Expiration dates
Number of Records Exposed: unknown
Incident : Data Breach AME159072725
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME441072725
Type of Data Compromised: Names, Addresses
Personally Identifiable Information: NamesAddresses
Incident : Data Breach AME506072725
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME617072725
Type of Data Compromised: Card numbers, Expiration dates
Sensitivity of Data: High
Incident : Data Breach AME955072725
Type of Data Compromised: Account numbers, Names, Social security numbers
Sensitivity of Data: High
Incident : Data Breach AME203072725
Type of Data Compromised: American express card information, Account numbers, Names
Incident : Data Breach AME306072725
Type of Data Compromised: Card account numbers, Names
Incident : Data Breach AME505072725
Type of Data Compromised: Card account numbers, Names, Expiration dates
Incident : Data Breach AME514072725
Type of Data Compromised: Card numbers, Names
Incident : Data Breach AME223072725
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME401072725
Type of Data Compromised: Card account numbers, Card expiration dates
Incident : Data Breach AME218072825
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME701072825
Type of Data Compromised: Card Members' account information
Incident : Data Breach AME157072825
Type of Data Compromised: Card members' account numbers, Personal details
Incident : Data Breach AME342072825
Type of Data Compromised: Card account numbers, Holder names
Incident : Data Breach AME824072825
Type of Data Compromised: Account information, Names, Card numbers
Incident : Data Breach AME120072925
Type of Data Compromised: American express card account numbers, Names, Card information
Incident : Data Breach AME201072925
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME245072925
Type of Data Compromised: American express card account numbers, Names, Other card information
Incident : Data Breach AME527072925
Type of Data Compromised: American express card account numbers, Names
Number of Records Exposed: UNKN
Incident : Data Breach AME949080425
Type of Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME209080425
Type of Data Compromised: American express card account numbers, Names
Incident : Data Breach AME706080425
Type of Data Compromised: American express card account numbers, Other card information
Incident : Data Breach AME223080425
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Number of Records Exposed: Unknown
Incident : Data Breach AME528080425
Type of Data Compromised: American express card information, Account numbers, Names
Personally Identifiable Information: names
Incident : Data Breach AME413080525
Type of Data Compromised: American express card account numbers, Names, Expiration dates
Incident : Data Breach AME038090625
Type of Data Compromised: Personal information (specific types unknown)
Data Exfiltration: Yes (inadvertent disclosure to unauthorized third party)
Personally Identifiable Information: Yes (unspecified)
Incident : Data Breach AME041090625
Type of Data Compromised: Card account number, Expiration date
Sensitivity of Data: High (payment card details)
Personally Identifiable Information: No (Social Security numbers not impacted)
Incident : Data Breach AME954091725
Type of Data Compromised: Cardmember account numbers, Names, Expiration dates
Number of Records Exposed: Unknown
Sensitivity of Data: High (payment card details)
Personally Identifiable Information: names
Incident : data breach AME956091725
Type of Data Compromised: Payment card data, Personal identifiers (names)
Number of Records Exposed: unknown
Sensitivity of Data: high (payment card details)
Data Exfiltration: yes
Personally Identifiable Information: partial (names only, no SSNs)
Incident : Data Breach AME1005091725
Type of Data Compromised: American express card account numbers, Related information
Number of Records Exposed: Unknown
Sensitivity of Data: Moderate (payment card data, no SSNs)
Personally Identifiable Information: No (Social Security numbers not impacted)
Incident : Data Breach AME001091825
Type of Data Compromised: Payment card data, Personally identifiable information (pii)
Sensitivity of Data: High
Data Exfiltration: Potential
Personally Identifiable Information: NamesCard account numbers
Incident : Data Breach AME028091825
Type of Data Compromised: Card account numbers, Card information
Sensitivity of Data: High (payment card data)
Data Exfiltration: Likely (unauthorized access to merchant's data files)
Personally Identifiable Information: No (Social Security numbers not affected)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach AME041090625
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME954091725
Regulatory Notifications: California Office of the Attorney General
Incident : data breach AME956091725
Regulatory Notifications: yes (California Attorney General)
Incident : Data Breach AME1005091725
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME001091825
Regulations Violated: Potential violation of California data breach notification laws (e.g., CCPA precursor),
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach AME028091825
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach AME637071625
Source: Massachusetts Office of Consumer Affairs and Business Regulation
Incident : Data Breach AME435072425
Source: California Office of the Attorney General
Date Accessed: 2016-01-26
Incident : Data Breach AME844072525
Source: California Office of the Attorney General
Date Accessed: 2016-01-07
Incident : Data Breach AME315072525
Source: California Office of the Attorney General
Incident : Data Breach AME519072525
Source: California Office of the Attorney General
Date Accessed: 2013-03-01
Incident : Data Breach AME336072625
Source: California Office of the Attorney General
Date Accessed: 2012-09-11
Incident : Data Breach AME425072625
Source: California Office of the Attorney General
Date Accessed: 2012-07-12
Incident : Data Breach AME601072625
Source: California Office of the Attorney General
Date Accessed: 2012-11-30
Incident : Data Breach AME908072625
Source: California Office of the Attorney General
Date Accessed: 2014-08-27
Incident : Data Breach AME217072625
Source: California Office of the Attorney General
Incident : Data Breach AME317072625
Source: California Office of the Attorney General
Date Accessed: 2015-07-27
Incident : Data Breach AME446072625
Source: California Office of the Attorney General
Date Accessed: 2015-07-21
Incident : Data Breach AME957072625
Source: California Office of the Attorney General
Incident : Data Breach AME443072625
Source: California Office of the Attorney General
Incident : Data Breach AME159072725
Source: California Office of the Attorney General
Incident : Data Breach AME345072725
Source: California Office of the Attorney General
Date Accessed: 2022-11-18
Incident : Data Breach AME441072725
Source: California Office of the Attorney General
Incident : Data Breach AME506072725
Source: California Office of the Attorney General
Date Accessed: 2013-12-12
Incident : Data Breach AME617072725
Source: California Office of the Attorney General
Date Accessed: 2013-09-23
Incident : Data Breach AME955072725
Source: California Office of the Attorney General
Date Accessed: 2013-07-03
Incident : Data Breach AME203072725
Source: California Office of the Attorney General
Incident : Data Breach AME306072725
Source: California Office of the Attorney General
Date Accessed: 2014-01-07
Incident : Data Breach AME505072725
Source: California Office of the Attorney General
Date Accessed: 2012-10-10
Incident : Data Breach AME514072725
Source: California Office of the Attorney General
Date Accessed: 2016-03-10
Incident : Data Breach AME223072725
Source: California Office of the Attorney General
Incident : Data Breach AME401072725
Source: California Office of the Attorney General
Incident : Data Breach AME218072825
Source: California Office of the Attorney General
Date Accessed: 2012-08-14
Incident : Data Breach AME701072825
Source: California Office of the Attorney General
Incident : Data Breach AME157072825
Source: California Office of the Attorney General
Date Accessed: 2016-02-23
Incident : Data Breach AME342072825
Source: California Office of the Attorney General
Incident : Data Breach AME824072825
Source: California Office of the Attorney General
Date Accessed: 2016-01-27
Incident : Data Breach AME120072925
Source: California Office of the Attorney General
Date Accessed: 2015-08-28
Incident : Data Breach AME201072925
Source: California Office of the Attorney General
Date Accessed: 2014-10-01
Incident : Data Breach AME245072925
Source: California Office of the Attorney General
Incident : Data Breach AME527072925
Source: California Office of the Attorney General
Incident : Data Breach AME949080425
Source: California Office of the Attorney General
Date Accessed: 2015-01-15
Incident : Data Breach AME209080425
Source: California Office of the Attorney General
Date Accessed: 2014-12-19
Incident : Data Breach AME706080425
Source: California Office of the Attorney General
Date Accessed: 2013-08-27
Incident : Data Breach AME223080425
Source: California Office of the Attorney General
Incident : Data Breach AME528080425
Source: California Office of the Attorney General
Date Accessed: 2014-07-25
Incident : Data Breach AME413080525
Source: California Office of the Attorney General
Date Accessed: 2012-12-12
Incident : Data Breach AME041090625
Source: California Office of the Attorney General
Incident : Data Breach AME954091725
Source: California Office of the Attorney General
Date Accessed: 2013-02-05
Incident : data breach AME956091725
Source: California Office of the Attorney General
Date Accessed: 2013-02-19
Incident : Data Breach AME1005091725
Source: California Office of the Attorney General
Date Accessed: 2015-11-12
Incident : Data Breach AME001091825
Source: California Office of the Attorney General
Date Accessed: 2016-01-26
Incident : Data Breach AME028091825
Source: California Office of the Attorney General
Date Accessed: 2014-12-19
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Massachusetts Office of Consumer Affairs and Business Regulation, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-26, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-07, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-03-01, and Source: California Office of the Attorney GeneralDate Accessed: 2012-09-11, and Source: California Office of the Attorney GeneralDate Accessed: 2012-07-12, and Source: California Office of the Attorney GeneralDate Accessed: 2012-11-30, and Source: California Office of the Attorney GeneralDate Accessed: 2014-08-27, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2015-07-27, and Source: California Office of the Attorney GeneralDate Accessed: 2015-07-21, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2022-11-18, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-12-12, and Source: California Office of the Attorney GeneralDate Accessed: 2013-09-23, and Source: California Office of the Attorney GeneralDate Accessed: 2013-07-03, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2014-01-07, and Source: California Office of the Attorney GeneralDate Accessed: 2012-10-10, and Source: California Office of the Attorney GeneralDate Accessed: 2016-03-10, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2012-08-14, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2016-02-23, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-27, and Source: California Office of the Attorney GeneralDate Accessed: 2015-08-28, and Source: California Office of the Attorney GeneralDate Accessed: 2014-10-01, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2015-01-15, and Source: California Office of the Attorney GeneralDate Accessed: 2014-12-19, and Source: California Office of the Attorney GeneralDate Accessed: 2013-08-27, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2014-07-25, and Source: California Office of the Attorney GeneralDate Accessed: 2012-12-12, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-02-05, and Source: California Office of the Attorney GeneralDate Accessed: 2013-02-19, and Source: California Office of the Attorney GeneralDate Accessed: 2015-11-12, and Source: California Office of the Attorney GeneralDate Accessed: 2016-01-26, and Source: California Office of the Attorney GeneralDate Accessed: 2014-12-19.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach AME038090625
Investigation Status: Ongoing (specific types of compromised information unknown)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Alerted affected customers to monitor for fraudulent activities, Alerting customers as a precaution, Public disclosure via California Office of the Attorney General, Public disclosure via California Office of the Attorney General and Notification letters sent to affected parties.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach AME1751261023
Customer Advisories: Alerting customers as a precaution
Incident : Data Breach AME028091825
Customer Advisories: Notification letters sent to affected cardholders
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Alerting customers as a precaution and Notification letters sent to affected cardholders.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach AME001091825
Entry Point: Third-party service provider's system
High Value Targets: American Express Card Member Data,
Data Sold on Dark Web: American Express Card Member Data,
Incident : Data Breach AME028091825
High Value Targets: Merchant's data files containing card information
Data Sold on Dark Web: Merchant's data files containing card information
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach AME1005091725
Root Causes: Unauthorized access to merchant's data files
Incident : Data Breach AME001091825
Root Causes: Third-Party Vendor Security Vulnerability,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Continuous monitoring for fraudulent activity.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unknown Hacker and Unauthorized individuals.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2016-01-26.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-12-19.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Account numbers, Names, Full addresses, Phone numbers, Date of birth, Gender, , Account numbers, Names, Expiration dates, , credit and debit numbers, , account numbers, names, , Customer names, American Express Card account numbers, Expiration dates, , names, card numbers, expiration dates, security codes, , American Express Card account numbers, names, , Card account numbers, Names, Expiration dates, , account numbers, names, expiration dates, , American Express Card account numbers, names, expiration dates, Social Security numbers, , American Express Card information, , American Express Card information, , Names, Card account numbers, , American Express Card account numbers, names, other Card information, , American Express Card account numbers, names, expiration dates, , card numbers, names, expiration dates, , American Express Card account numbers, names, other card information, , Names, Addresses, , American Express Card account numbers, Names, , card numbers, expiration dates, , account numbers, names, Social Security numbers, , American Express Card information, account numbers, names, , card account numbers, names, , Card account numbers, Names, Expiration dates, , card numbers, names, , American Express Card account numbers, names, other card information, , card account numbers, card expiration dates, , American Express Card account numbers, names, expiration dates, , Card Members' account information, Card Members' account numbers, personal details, , Card account numbers, Holder names, , Account information, Names, Card numbers, , American Express Card account numbers, names, Card information, , American Express card account numbers, names, other card information, , American Express Card account numbers, names, other card information, , American Express Card account numbers, Names, , American Express Card account numbers, other card information, , American Express Card account numbers, Names, , American Express Card account numbers, Other card information, , American Express Card account numbers, names, expiration dates, , American Express Card information, account numbers, names, , American Express Card account numbers, names, expiration dates, , Unknown (personal information), Card account number, Expiration date, , Cardmember account numbers, names, expiration dates, , card account numbers, cardholder names, other card information (excluding SSNs), , American Express Card account numbers, related information, , American Express Card account numbers, Names, Card information, , American Express Card account numbers, Card information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Payment processing system and Payment Processing System and merchant's website and Third-party service provider's system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Cardmember account numbers, Full addresses, names, other Card information, related information, card numbers, Other card information, credit and debit numbers, Holder names, Card account numbers, Account information, Addresses, Date of birth, other card information, expiration dates, Gender, Expiration date, American Express card account numbers, Phone numbers, Customer names, security codes, card expiration dates, Card Members' account information, cardholder names, American Express Card information, Account numbers, Unknown (personal information), card account numbers, personal details, Card numbers, other card information (excluding SSNs), Names, account numbers, Social Security numbers, Card information, Card Members' account numbers, Expiration dates, Card account number and American Express Card account numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.0K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Massachusetts Office of Consumer Affairs and Business Regulation and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (specific types of compromised information unknown).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Alerting customers as a precaution and Notification letters sent to affected cardholders.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Third-party service provider's system.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Unauthorized access to merchant's data files, Third-party vendor security vulnerability.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=american-express' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
