#Privacy: Former Amex employee under investigation for accessing customer data

A former employee of American Express in under investigation by the police after being suspected of wrongfully accessing the personal data of “a small number” of Amex customers with fraudulent intent.

As the investigation is still ongoing, American Express are unable to comment upon the specifics of the incident, but the employee is thought to have wrongfully accessed the personal information of Amex customers in America with a view to opening fraudulent accounts at other financial institutions.

American Express began notifying customers of the data breach by letter on 30 September 2019, informing them that, “as a result of the incident, your name, current or previously issued American Express Card account number, physical and / or billing address, date of birth, and Social Security number were compromised.”

American Express have asked affected cardholders to check their account statements carefully for fraudulent charges over the next two years. However, a spokesperson for the company has confirmed that customers will not be held liable for any such charges.

Additionally, cardholders have been offered compensation in the form of a free two-year membership with Experian’s identity theft and resolution service, IdentityWorks. Customers who are already members of IdentityWorks are being offered the option of renewing their coverage for two years free of charge.

To sign up for membership, customers will need to provide the company with their Social Security numbers and current mailing addresses.

A spokesperson for American Express clarified that, “[…] this was not a breach of American Express’ systems and the person in question is no longer an employee of American Express”, but could not comment further due to the ongoing nature of the investigation

However, Amex have stressed that they are working in “close partnership with law enforcement” to resolve the issue.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/