American Express is notifying 58,522 California residents that data including their names and account numbers may have been breached. The company was informed by law enforcement that several large files containing the personal information was posted online by apparent members of Anonymous, the online “hacktivist” network.
In what’s becoming an unfortunate ritual for U.S. consumers, news of another data breach, this time at American Express, is prompting calls for cardholders to protect themselves.
Earlier this week, American Express announced that it was notifying 58,522 California residents that data including their names and account numbers may have been breached. More than 18,000 more California residents, the notice said, may have had other information breached, but not their names.
According to the notice, the company was informed by law enforcement that several large files containing the personal information was posted online by apparent members of Anonymous, the online “hacktivist” network.
The company believes the subgroup Anonymous Ukraine was specifically to blame.
Scott Mitic, a vice president at Equifax, one of the three American credit bureaus, called the incident “yet another in the nearly constant stream of data breaches that affect U.S. consumers today. It’s part of our day-to-day to lives.”
On the spectrum of breaches, he said, credit card info isn’t as damaging as personal information such as social security numbers and birthdays, which can be used indefinitely for identity theft.
In this case, he encouraged cardholders to check their recent transactions, place fraud alerts on their accounts and check their credit reports.
It’s unclear when the data was breached, but AmEx first discovered it back on March 25, according to the company.
“We are strongly committed to the security of our card members’ information and strive to let you know about security concerns as soon as possible,” the company said in a statement. “At this time, we believe the recovered data may include your American Express Card account number, the card expiration date, the date your card became effective and the four digit code printed on the front of your card.”
The company said it had placed additional fraud monitoring on affected cards, and assured customers that they are not liable for any fraudulent charges.