Cyber Incident Victim: American Express Mexico
Date: Jan 2021
Location: Mexico
Summary
A threat actor leaked data of 10,000 Mexican credit card holders on a hacker forum, exposing full account numbers alongside personal information including names, addresses, phone numbers, dates of birth, and gender. The exposed records lacked sensitive financial details like expiration dates or passwords, with the actor claiming the data was intended for spam or marketing purposes rather than direct fraud. The financial institution acknowledged awareness of the incident, emphasized its fraud monitoring systems, and reiterated that customers are not liable for unauthorized charges while urging vigilance against potential phishing attempts leveraging the exposed information.
Description
On or around January 5, 2021, a threat actor publicly leaked data belonging to 10,000 Mexico-based American Express credit card holders on a hacker forum. The leaked dataset, shared freely as a sample, contained full American Express account numbers alongside customers' personally identifiable information (PII), including names, full addresses, phone numbers, dates of birth, and gender. Analysis by BleepingComputer confirmed the absence of credit card expiration dates, passwords, or other highly sensitive financial details that could directly facilitate fraudulent transactions. In the same forum post, the actor advertised additional datasets for sale, claiming to possess information on Mexican banking customers of American Express, Santander, and Banamex. The threat actor explicitly stated their intent was limited to enabling spam or marketing activities rather than enabling financial fraud, emphasizing they did not sell passwords or ID numbers. The disclosure was identified and reported by threat intelligence analyst Bank Security.

American Express acknowledged awareness of the incident and confirmed it was monitoring the situation but did not explicitly confirm or deny a breach. The company reiterated its standard policy that cardholders are not liable for fraudulent charges and highlighted existing safeguards, including sophisticated monitoring systems to detect suspicious account activity. Amex advised impacted customers to review their account statements for unauthorized transactions and remain vigilant against targeted phishing attempts, noting that scammers might leverage exposed PII and partial card details to enhance the credibility of fraudulent communications. No further details regarding the breach's origin, intrusion methods, or total number of potentially affected customers beyond the initial 10,000 were disclosed by American Express at the time of reporting.
