Security & Fraud

Amex Suffers Breach In India

Amex India Database Accessible in October

American Express India enabled a database to be accessible to anyone for longer than five days in October, according to a report in The Next Web.

According to the report, the Hacken cyber consultancy team’s director of cyber risk research, Bob Diachenko, discovered the unprotected database on Oct. 25, and told The Next Web that it included customer names, phone numbers, addresses, PAN numbers and Aadhaar IDs.

Diachenko said the database was mostly encrypted, but that certain data sets included readable data. The largest had 689,272 records available in plain text, noted the report. The researchers said the Amex MongoDB database had been available on BinaryEdge – a popular list of exposed databases – since Oct. 20, but potentially even longer.

The report noted that Amex’s database was already available to the public five days before Diachenko found it. Diachenko said that he found an additional 2.3 million records that were encrypted and were managed by a third-party company instead of Amex’s own team. Amex reportedly fixed the problem as soon as it received the alert, and said the encryption prevented any access and impact to customer data.

In October, American Express posted results that showed increases in card member spending and lending activity. Overall, billed business gained 8 percent to $294.7 billion, filings showed. (Billed business is defined as transaction volume, including cash advances.) The company said in its release that total card member spending was up 8 percent, and 10 percent when adjusted for FX.

In terms of headline numbers, American Express posted a profit of $1.88, which beat expectations by $.11. Revenues of $10.1 billion edged expectations of $10.05 billion. Discount fees, which are charged to merchants, stood at $6.2 billion, gaining 8 percent for the year. Top-line segmentation showed that total consumer services revenues, net of interest expense, was $5.4 billion, while commercial services was $3.2 billion.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.