www.theregister.com
Open in
urlscan Pro
104.18.5.22
Public Scan
URL:
https://www.theregister.com/2024/03/04/american_express/
Submission: On March 05 via api from TR — Scanned from DE
Submission: On March 05 via api from TR — Scanned from DE
Form analysis 2 forms found in the DOM
POST /CBW/custom
<form id="RegCTBWFAC" action="/CBW/custom" class="show_regcf_custom" method="POST">
<h5>Manage Cookie Preferences</h5>
<ul>
<li>
<label>
<input type="checkbox" disabled="disabled" checked="checked" name="necessary" value="necessary">
<strong>Necessary</strong>. <strong>Always active</strong>
</label>
<label for="accordion_necessary" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg" class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_necessary">
<p class="accordion_info"> These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect. </p>
</div>
</li>
<li>
<label>
<input type="checkbox" name="tailored_ads" value="tailored_ads">
<strong>Tailored Advertising</strong>. </label>
<label for="accordion_advertising_tailored_ads" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg"
class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_advertising_tailored_ads">
<p class="accordion_info"> These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers,
and in some cases selecting advertisements that are based on your interests. </p>
</div>
</li>
<li>
<label>
<input type="checkbox" name="analytics" value="analytics">
<strong>Analytics</strong>. </label>
<label for="accordion_analytics" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg" class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_analytics">
<p class="accordion_info"> These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our
sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance. </p>
</div>
</li>
</ul> See also our <a href="https://www.theregister.com/Profile/cookies/">Cookie policy</a> and <a href="https://www.theregister.com/Profile/privacy/">Privacy policy</a>. <input type="submit" value="Accept Selected" class="reg_btn_primary"
name="accept" id="RegCTBWFBAC">
</form>POST /CBW/all
<form id="RegCTBWFAA" action="/CBW/all" method="POST" class="hide_regcf_custom">
<input type="submit" value="Accept All Cookies" name="accept" class="reg_btn_primary" id="RegCTBWFBAA">
</form>Text Content
Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”. REVIEW AND MANAGE YOUR CONSENT Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer. MANAGE COOKIE PREFERENCES * Necessary. Always active Read more These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect. * Tailored Advertising. Read more These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests. * Analytics. Read more These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance. See also our Cookie policy and Privacy policy. Customize Settings Sign in / up TOPICS Security SECURITY All SecurityCyber-crimePatchesResearchCSO (X) Off-Prem OFF-PREM All Off-PremEdge + IoTChannelPaaS + IaaSSaaS (X) On-Prem ON-PREM All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector (X) Software SOFTWARE All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization (X) Offbeat OFFBEAT All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us (X) Special Features SPECIAL FEATURES All Special Features Cloud Infrastructure Week Cybersecurity Month Blackhat and DEF CON Sysadmin Month The Reg in Space Emerging Clean Energy Tech Week Spotlight on RSA Energy Efficient Datacenters VENDOR VOICE Vendor Voice VENDOR VOICE All Vendor Voice Amazon Web Services (AWS) Business Transformation DDN Google Cloud Infrastructure Hewlett Packard Enterprise: AI & ML solutions Hewlett Packard Enterprise: Edge-to-Cloud Platform Intel vPro VMware (X) Resources RESOURCES Whitepapers Webinars & Events Newsletters SECURITY 1 AMERICAN EXPRESS ADMITS CARD DATA EXPOSED AND BLAMES THIRD PARTY 1 DON'T LEAVE HOME WITHOUT … IT SECURITY Brandon Vigliarolo Mon 4 Mar 2024 // 23:04 UTC A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu. "Your current or previously issued American Express card account number, your name, and other card information such as the expiration date, may have been compromised. It is important to note that American Express owned or controlled systems were not compromised by this incident." * UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times * Hacker predicts Amex card numbers, bypasses chip and PIN * Payment terminal malware steals $3.3m worth of credit card numbers – so far * American Express loses bid to toss out lawsuit claiming it copied Spanish startup's flight booking software The US state of Massachusetts disclosed [PDF] the blunder as part of its rules on publicizing privacy breaches. It's worth noting American Express has appeared in Massachusetts' reports of data leakage a total of 16 times so far this year, with the other incidents mostly only covering a few (read: single digit) MA residents. Notification letters for those dozen or so screw-ups state that individual merchants were compromised, exposing their customer records, or that Amex customer data was found online during a law enforcement investigation and reported. Amex's spokespeople stressed to The Reg that these blunders "were not caused by a data breach at American Express or at a service provider of American Express." For example, in two of the cases, "the incidents resulted from point-of-sale attacks at merchant processors, and are not related" to any failures on American Express's end, we're told. For worried Amex customers, the finance giant gave assurances in its letters that customers aren't liable for fraudulent charges. Amex suggests customers regularly review their statements, and sign up for account alerts that notify users via text, email, or through its mobile app of any suspicious charges. ® Get our Tech Resources Share MORE ABOUT * Cybersecurity * Data Breach * Fraud More like these × MORE ABOUT * Cybersecurity * Data Breach * Fraud NARROWER TOPICS * RSA Conference BROADER TOPICS * Security MORE ABOUT Share 1 COMMENTS MORE ABOUT * Cybersecurity * Data Breach * Fraud More like these × MORE ABOUT * Cybersecurity * Data Breach * Fraud NARROWER TOPICS * RSA Conference BROADER TOPICS * Security TIP US OFF Send us news -------------------------------------------------------------------------------- OTHER STORIES YOU MIGHT LIKE INSIDER STEALS 79,000 EMAIL ADDRESSES AT WORK TO PROMOTE OWN BUSINESS After saying they're very sorry, they escape with a slap on the wrist Security14 days | 36 NIST UPDATES CYBERSECURITY FRAMEWORK AFTER A DECADE OF LESSONS The original was definitely getting a bit long in the tooth for modern challenges Security6 days | 5 ALPHV GANG CLAIMS IT'S THE ATTACKER THAT BROKE INTO PRUDENTIAL FINANCIAL, LOANDEPOT Ransomware group continues to exploit US regulatory requirements to its advantage Cyber-crime15 days | EMPLOYING YOUR CLOUD DATA WAREHOUSE TO SCALE UP AI/ML AI can unlock the power of enterprise data, providing companies can get it to the right place in the right state Sponsored Feature FOX NEWS 'HACKER' TURNS OUT TO BE JOURNALIST WHOSE LAWYERS SAY WAS DOING HIS JOB Infosec in brief Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns Security8 days | 31 RANSOMWARE BAN BACKERS INSIST THUGS MUST BE CUT OFF FROM PAYDAY Increasingly clear number of permanent solutions is narrowing Cyber-crime12 hrs | 10 SOUTHERN WATER CYBERATTACK EXPECTED TO HIT HUNDREDS OF THOUSANDS OF CUSTOMERS Brit utility also curiously disappears from Black Basta leak site Cyber-crime20 days | 44 BIDEN ASKS COAST GUARD TO CREATE AN INFOSEC PORT IN A STORMY SEA OF CYBER THREATS Oh hear us when we cry to thee for those in peril on the sea Public Sector12 days | 8 ORACLE FACES CONTINUED LEGAL BATTLE OVER ALLEGED NETSUITE SOFTWARE MISREPRESENTATIONS Judge allows fraud case to continue after customer resubmits complaint Databases12 days | 8 JET ENGINE DEALER TO MAJOR AIRLINES DISCLOSES 'UNAUTHORIZED ACTIVITY' Pulls part of system offline as Black Basta docs suggest the worst Cyber-crime21 days | 6 LOCKBIT'S CONTESTED CLAIM OF FRESH RANSOM PAYMENT SUGGESTS IT'S BEEN WELL HOBBLED Infosec in brief ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Security23 hrs | 1 AIR NATIONAL GUARDSMAN TEIXEIRA TO ADMIT HE WAS PENTAGON FILES LEAKER Updated Turns out bragging on Discord has unfortunate consequences Security3 days | 41 The Register Biting the hand that feeds IT ABOUT US * Contact us * Advertise with us * Who we are OUR WEBSITES * The Next Platform * DevClass * Blocks and Files YOUR PRIVACY * Cookies Policy * Your Consent Options * Privacy Policy * Ts & Cs Copyright. All rights reserved © 1998–2024