Amex to notify Calif. customers of card dump linked to Anonymous

Share this article:
Jeremy Hammond has accused U.S. authorities of using Sabu to facilitate hacks.
American Express will notify California customers affected by the Anonymous dump.

Nearly three months after Anonymous Ukraine claimed to expose roughly 7 million records, American Express has penned a letter to the California Attorney General's office saying that it will send breach notifications to 76,608 residents in the state affected by the disclosure.

In accordance with California Civil Code s. 1798.29(e) and Calif. Civ. Code s. 1798.82(f), requiring companies to notify customers of breaches, Amex completed an incident reporting form, stating that it was informed by law enforcement, identified in the filing as the U.K. National Crime Agency, that several large files containing personal information were posted on internet sites...”

The records, the notification said, “contained varying data elements” that prompted the payment card company to notify, via mail, “58,522 California residents whose names and corresponding [American Express] account numbers were involved.”

The company also identified “additional card account information pertaining to 18,086 California residents” that was exposed, even though California law does not require it to do so, since customer names were not revealed in the dump.

Initially there was speculation that the records exposure was not actually orchestrated by Anonymous and that the data seemed dated, but Amex's letter to the California OAG refers to the hackers as “claimed members of ‘Anonymous'.” The alleged members of the hacktivist group posted some of the information on Pastebin, followed by a release of data on Twitter.

The group said it published the records to protest the U.S. government and its perceived manipulation of the financial markets.

"After the USA showed its true face when she unilaterally decides which of the peoples to live independently and who under the yoke of the Federal Reserve, we decided to show the world who is behind the future collapse of the American banking system," the group said in a Pastebin post that has since been removed, but was published by Wired.

In its notification letter to California residents, American Express says, “At this time, we believe the recovered data may include your American Express Card account number, the card expiration date, the date your card became effective and the four digit code printed on the front of your card.”

The company also offered assurances that the Social Security numbers of customer were not impacted in the incident.

As part of the records dump, Anonymous Ukraine included records from Visa, MasterCard and Discover. Risk Based Security analyzed the group's data dump on Twitter and said it included 6,064,823 new cards, with 668,279 belonging to American Express, 3,255,663 to Visa, 1,778,749 to MasterCard and 362,132 to Discover.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.