The personal information of some American Express Co. customers has been compromised.
American Express issued a letter dated Sept. 30 that an employee may have accessed personally identifiable customer information "in an attempt to conduct fraudulent activity," including possibly opening accounts at other financial institutions. The company has launched an investigation and is working with law enforcement.
"I would note that this was not a breach of American Express' systems," Jocelyn Seidenfeld, director of public affairs, said in an emailed statement. "The individual in question is no longer an employee of American Express."
A "small number" of customers were impacted, though Seidenfeld declined to say exactly how many. The company also declined to detail when the breach was detected but said affected customers are being notified.
As a result of the incident, affected customers' names, current or previously issued American Express account numbers, physical and billing addresses, dates of birth and Social Security numbers were compromised, the company said in the letter. It has arranged a complimentary two-year membership of Experian IdentityWorks, which provides identity theft protection and helps detect misuse of personal information.
"Our customers are not liable for any fraudulent charges on their American Express cards," Seidenfeld said. "Ensuring the security of our customers' information is our top priority."