American Express issues alert after Anonymous dumps cardholder data

In a letter to the California Attorney General's Office (OAG), American Express says that 76,608 people in the state will get a breach notification letter after some of their data was published by Anonymous Ukraine earlier this year.

In March, Anonymous Ukraine released more than 7 million records as part of a protest against the financial firms that helped "enslave" people the world over.

"After the USA showed its true face when she unilaterally decides which of the peoples to live independently and who under the yoke of the Federal Reserve, we decided to show the world who is behind the future collapse of the American banking system," Anonymous Ukraine supporters wrote at the time.

In all, they released 3,255,663 records from Visa; 1,778,749 records from MasterCard; 362,132 records from Discover; and 668,279 records from American Express. To date, only American Express has taken notification steps.

Experts who examined the data noticed immediately that it was outdated, speculating that Anonymous Ukraine wasn't the original source despite their claims. Regardless, the data was real enough to force American Express to initiate their notification process.

In a letter to the California OAG, the financial firm says that more than 58,000 residents will be getting a letter via the US Postal Service about the incident.

"AXP was informed by law enforcement that several large files containing personal information were posted on internet sites by claimed members of "Anonymous," a worldwide hacking collective. The source(s) of the posted data is/are not currently known. The posted records contained varying data elements, but AXP has identified, and is providing notice via mail to, 58,522 California residents whose names and corresponding AXP account numbers were involved," the company's letter to the OAG explained.

In addition, American Express says that 18,086 other residents also had their data leaked by Anonymous Ukraine, but since their names were not released they're exempt from notification under California Civil Code s. 1798.29(e). Despite that fact, the company is planning to send letters to those customers as well, which is why the state's total was pushed over 76,000.

In the letter to customers, American Express said that they've placed additional fraud monitoring on the individual's account, reminding them that they are not liable for any fraudulent charges.

The letter goes on to offer additional information on how to obtain free credit reports, and provides a toll-free number to call for questions.

"We are strongly committed to the security of our Cardmembers' information and strive to let you know about security concerns as soon as possible," the customer letter states.

"At this time, we believe the recovered data may include your American Express Card account number, the card expiration date, the date your card became effective and the four digit code printed on the front of your card. Importantly, your Social Security number was not impacted and our systems have not detected any unauthorized activity on your Card account related to this incident."

American Express credited the UK National Crime Agency as the law enforcement agency responsible for bringing the leaked data to their attention.

Information on the number of customers outside of California who were impacted by the Anonymous Ukraine leak wasn't available Sunday evening. CSO has been in contact with American Express and will report those additional figures as we get them.


Stories by Steve Ragan
