Threat Actor Posts Credit Card Info of 10,000 Amex Customers for Free on Hacking Forum

A data broker is offering freebies on a hacking community forum. According to a security analyst, the threat actor posted the information of 10,000 Mexico-based American Express cardholders, with an offer to sell additional details of customers from Santander and Banamex banks as well.

An analysis of the leaked data by BleepingComputer revealed that the information includes sensitive information such as American Express credit card numbers alongside full names, physical addresses, phone numbers and date of birth.

No credit card expiration dates or account passwords were found among the exposed data, as the threat actor emphasized he only wants the data to be used for marketing or spam.

“I do not sell private data such as password, card information, id number. With the data I sell or share, you are only exposed to spam or marketing :),” the data broker claimed.

In a statement, American Express acknowledged the leak’s legitimacy, specifying that the company is closely monitoring the case, and assured customers that it is not susceptible to any fraudulent charges on their accounts.

“We are aware of the report and are closely monitoring the situation. We do not have anything further to share at this time,” Amex said. “However, as a reminder, American Express Card Members are not liable for any fraudulent charges on their accounts. American Express has sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspect activity. If we see there is unusual activity which may be fraud, we will take protective actions.”

Despite these assurances, Amex cardholders should be on the lookout for any phishing emails, SMS messages or phone calls using the leaked information to gather additional sensitive info.

Customers should also regularly review their credit card statements and report any suspicious activity to their bank and local authorities.

1 in 4 people is likely to be a victim of data breaches. Have you ever been exposed? Find out now with Bitdefender’s Digital Identity Protection.