American Express Warns Customers About Breach -- From 2013

itwbennett writes: In a notification letter dated March 10, American Express warned cardholders that their account information might've been exposed after a third-party service provider suffered a data breach — in December 2013. The company says they are monitoring accounts for fraud and advise cardholders to do the same, but they offer no explanation for the delay.

Re:I can be the last post and...

[EvilAlphonso]

In socialist Europe, a data breach exposing customer confidential data or financial data that isn't reported to the relevant authorities and the customers within 3 days opens the company to large fines (up to 4% world-wide revenue of the company/group), a lawsuit and up to 20 days in jail for the management.

Not their fault!

[aglider]

They ran out of gas!
Th -- they had a flat tire!
They didn't have enough money for cab fare!
Their tux didn't come back from the cleaners!
Some old friend of theirs came in from out of town!
Someone stole their car!
There was an earthquake!
A terrible flood!
Locusts!
Hackers!

IT WASN'T THEIR FAULT, THEY'VE SWORN TO GOD!

"third party service provider"

[l0n3s0m3phr34k]

Whomever this company is needs to be named. TFA mentions that this is the same data Affinity Gaming reported, and now their suing the ITSEC corp Trustwave whom they hired to contain the breach since Trustwave failed and Affinity got hit again. This article says that it was a breach of the card processing system used for non-gambling (hotel, food, etc) purchases, so it appears this "third party" is a credit card processor that sits in between Affinity and AMEX.

I'm betting AMEX isn't the only card company hit in this, but there are so many data breaches unless you work in credit card ITSEC you probably don't keep good enough track of it all to tie it all together. It could be CK Systems, they are a CC processor that got hit in 2013.