Earlier this week American Express notified its customers of a data breach. According to the company as many as 76,000 thousand customers have had credit data compromised including names and account numbers. The company also stated that as many as 18,000 California residents may have had additional information lost but not their names.
Law enforcement notified American Express that large files containing customer information was posted online and they suspect the “hacktivist” group Anonymous Ukraine to be the culprit.
This past march Anonymous Ukraine released more than 7 million credit card records as a protest against financial companies for “enslaving people.” Included in that massive release were over three million VISA card records, 1.7 million MasterCard records and 600,000 Discover card records. The group clams to have as many as 800 million credit card records.
Security experts don’t believe it. Experts believe the group is simply boasting and maybe recycling older, previously hacked card information. No one has identified the source of the data or leaks as of yet.
Equifax Vice President Scott Mitic called the incident “yet another in the nearly constant stream of data breaches that affect U.S. consumers today. It’s part of our day-to-day to lives.”
Mitic urged AmEx cardholders to check all recent transactions, place fraud alerts on their accounts and check their credit reports.
Although it is not known when the data was breached AmEx discovered the breach on March 25, according to the company.
American Express has instituted additional fraud monitoring on affected card, and assured customers that they are not liable for any fraudulent charges.
Breaking It Down
Here is the key to the above article. AmEx knew of the breach on March 25th. Today is June 5th! African-American AmEx card holders are asking why the long wait? Any AmEx card holder would have wanted to know a little sooner. Am I right? The problem is that they are not obligated by any effective law requiring them to tell you any sooner. Yeah, there are plenty of states that have data breach laws but who’s laws apply here? AmEx is a global company.
We need more stringent data breach laws and more data breach lawsuits to put an end to this. Right now there is no financial or judicial punishment when these things happen. Companies fear very little after a data breach. Except maybe losing sales or customers. That’s no small thing at all but there needd to be enforceable laws to stop this…NOW!
Let me explain something to you. AmEx is a global, multi-billion dollar company. If a customer discovers fraudulent charges on their card AmEX is willing to spend a few hundred or few thousand or a few hundreds of thousands of dollars to fix the problem. In other words they look at it as the cost of doing business. A crook would say “Don’t do the crime if you can’t do the time.” So as long as companies feel that way they are not scared of these data breaches or the consequences. They just pay the price and keep it moving.
Now, if Anonymous Ukraine is telling the truth about the 800 million records they say they have then who is responsible for that loss? When are we gonna see these financial executives sitting in in front of Congress explaining that? They demanded answer from the automobile executives, cigarette companies, even the IRS. So how about these big financial companies?See the government is not acting so there is little these companies fear. Another question also comes to mind, if they have 800 million records who is not included on that list?