As per a recent finding of Bank Security, data of 10,000 American Express credit cardholders’ accounts from Mexico has been posted by a threat actor on one of the underground forums for free. Reportedly, the same threat actor, in another post on the forum, has claimed to sell more data of Mexican banking customers of American Express, Santander, and Banamex.
A Threat Actor shared for free over 10,000 American Express México 🇲🇽 (@amex_express_mx) customer Data and claimed to also have data from @SantanderMx, @Citibanamex and more. pic.twitter.com/3rmoRrWyR3
— Bank Security (@Bank_Security) January 3, 2021
What the Leaked American Express Data Contains
Based on the screenshots shared by Bank Security, the leaked data set has potentially exposed American Express account (credit card) numbers and the personally identifiable information (PII) of its customers, which includes names, phone numbers, full address (including postal code), birth dates, gender, membership reward details, etc.
In a statement shared with Bleeping Computers, the card company said, “American Express Card Members are not liable for any fraudulent charges on their accounts. American Express has sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspect activity. If we see there is an unusual activity which may be fraud, we will take protective actions.”
Since the leak contains full credit card information of American Express cardholders, it could be used in phishing and smishing (SMS phishing) attacks and tele-calling scams. Thus, as a precautionary measure, all American Express cardholders (not just limited to Mexico but worldwide) are advised to stay vigilant about any suspicious activities related to their credit card accounts. Ensure you personally monitor your account statements or register for a credit monitoring service.