An American Express Travel Related Services Company and or one of its affiliates reported three data breaches to the California Attorney General (AG) in early January.
The breaches occurred on Oct. 18 and Dec. 21 in 2014 and March 22, 2015, according to notifications on the California AG website.
Account numbers, names and other card information such as the expiration dates were believed to have been exposed in all of the breaches while four-digit security codes printed on the front of the cards were compromised as well in the December and March incidents.
An American Express spokesperson told SCMagazine.com in an email correspondence that the incidents were not breaches of the AXP environment and that the notices were sent out of courtesy, not legal obligation. The spokesperson, who said the company doesn't share third-party names, did not provide further details.
