August 13, 2009
I received a letter from American Express today stating "I am writing to inform you of an unfortunate issue concerning your American Express Card. We recently learned that certain account data was acquired without authorization by an employee who is no longer with the company. The former employee has been arrested, and we are cooperating with law enforcement authorities with their ongoing investigation. Based upon our analysis to date, the information that was acquired included your American Express Card account number and may also have included one or more of the following: your name, information from the magnetic stripe on the back of your card (including expiration date), PIN number, state of residence, and/or zip code. Importantly, the data acquired did not include your Social Security Number...."
I called American Express and found out that on June 24, 2009 an ex-employee of American Express was arrested at a Phoenix airport. This employee was arrested for stealing an American Express laptop containing customer data on it. This ex-employee was a database analyst. There were 4 people involved in the possible theft of customer data from American Express, which includes the ex-American Express employee. Two of the ex-American Express accomplices have been caught. The 4th perpetrator is still at-large and a warrant has been issued for his arrest.
This information will soon be captured by news media.
