American Express has disclosed a data breach that occurred more than two years ago and is actively encouraging customers to monitor their accounts for fraudulent activity. The scope of the December 2013 breach remains undisclosed at this time.
According to a Finextra release issued Thursday (March 17) on the matter, compromised information may include account numbers, names and card expiration dates.
Amex published a letter this month on the California attorney general's site confirming that it is "aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system." The third-party provider remains unnamed at this time.
"It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure," Stefanie Ash, Chief Privacy Officer at American Express, wrote in the letter.
All cardholders are encouraged to review their statements, particularly in the next 12-24 months. Amex's letter offered up various tips for account security and encouraged customers to sign up for instant notifications of potential suspicious activity.
Check back at PYMNTS.com for updates as this story develops.