
posted by martyb on Friday October 04 2019, @06:27AM
from the are-there-*ANY*-safe-credit-cards? dept.

American Express Customer Info Accessed by Employee for Possible Fraud

An American Express employee is being investigated for accessing card holder information and potentially using it to open accounts at other financial institutions.

Starting on September 30th, 2019, American Express began sending out data breach notifications to cardholder members whose information was fraudulently accessed by an employee.

According to this notification, an employee was accessing the information for cardholders and potentially using it to perform identity theft by fraudulently opening accounts at other financial institutions.

"It was brought to our attention that personal information, related to your American Express Card account listed above, may have been wrongfully accessed by one of our employees in an attempt to conduct fraudulent activity, including potentially opening accounts at other financial institutions. In response, we immediately launched an investigation and are fully cooperating with law enforcement agencies to further their investigation."

The information that was accessed for affected members includes the full name, physical and/or billing address, Social Security numbers, birth dates, and the credit card number.

While the notifications are titled "Notice of Data Breach", this is not the same type of data breach that we commonly report on. No systems were hacked or databases stolen.

Instead, this was an employee of American Express accessing information when they were not supposed to in order to use it for fraudulent purposes.

Source: BleepingComputer


  • (Score: 0) by Anonymous Coward on Friday October 04 2019, @01:27PM (1 child)

    by Anonymous Coward on Friday October 04 2019, @01:27PM (#902596)

    I wonder what the audit will find? CC info should never be available even in debug logs beyond the last 4 digits and rarely the first (card brand).

    • (Score: 0) by Anonymous Coward on Friday October 04 2019, @05:10PM

      by Anonymous Coward on Friday October 04 2019, @05:10PM (#902693)

      You're looking at this from the standpoint of point-of-sale systems, which is what PCI/DSS covers.

      This was an American Express employee (I'm guessing customer service) with access to customer account records.

      All of the information mentioned is required to obtain an American Express (or any other similar) card.

      "Hello. My name is Evil Customer Service Guy. Would you please confirm your name, address and the account you're calling about today?"
      Pulls up customer record and all these details are available.

      Or, just randomly pull up customer records and copy the data.

  • (Score: 0) by Anonymous Coward on Friday October 04 2019, @03:19PM (1 child)

    by Anonymous Coward on Friday October 04 2019, @03:19PM (#902640)

    I've seen hotel clerks write down information from credit cards, photocopy driver's licences and no one seems to care.

    • (Score: 2) by etherscythe on Friday October 04 2019, @05:41PM

      by etherscythe (937) on Friday October 04 2019, @05:41PM (#902708) Journal

      Clearly the answer is MFA, as with everything else these days. One-time PIN, applicable to a single transaction only (wasn't the chip we all got supposed to do this?). Sigh. As if I don't have enough authenticator apps as it is.

      --
      "Fake News: anything reported outside of my own personally chosen echo chamber"