A former employee of American Express is under investigation by the police for allegedly accessing customer information with the intent to commit fraud.
The exact details of the incident have not been disclosed, but the employee is thought to have wrongfully accessed the personal information of Amex customers in America in an attempt to open accounts at other financial institutions.
Amex began notifying customers of the data breach by letter on September 30. Customers who received the letter were told "as a result of the incident, your name, current or previously issued American Express Card account number, physical and/or billing address, date of birth, and Social Security number were compromised."
When contacted for comment, Amex would not say precisely how many customers had been affected by the breach but stated that "only a small number of our customers were impacted."
Affected cardholders have been asked by Amex to vigilantly monitor their account statements for the next two years for signs of fraudulent charges. However, Amex has stated that customers whose information was wrongfully accessed will not be held liable for any fraudulent charges.
In the letter sent to customers to notify them of the breach, Amex offered impacted cardholders a free two-year membership with Experian's identity theft and resolution service IdentityWorks by way of compensation. Customers who are already members are being offered the opportunity to extend their coverage for two years free of charge.
After informing them that their personal information was wrongfully accessed, the letter goes on to tell customers that they will need to entrust their Social Security number and current mailing address to the service provider if they wish to sign up for membership.
A spokesperson for American Express told Infosecurity Magazine: "Ensuring the security of our customers’ information is our top priority, and we are investigating this matter in close partnership with law enforcement.
"I would note that this was not a breach of American Express’ systems and the person in question is no longer an employee of American Express. In addition, only a small number of our customers were impacted, and those who are affected are being notified.
"As a reminder, our customers are not liable for any fraudulent charges on their American Express cards. Given this is an active criminal investigation, we can’t provide any further comment."