AMEX reports data leak of their APAC employee data

American Express (AmEx), has reported an ncident involving the unauthorized access of employee data by a former staff member.

This cause of the breach occurred when the ex-employee was mistakenly granted access to a third-party payroll system used by AmEx. This breach was published on Instagram, where The Aussie Corporate account shared an anonymous message through a reel, revealing the extent of the breach. The breach primarily affected employees in the Asia Pacific region and was attributed to an ex-employee located in India.

The anonymous message shared on Instagram claims that the compromised data encompassed a wide array of sensitive information essential for identity theft, such as:

• bank account details
• names,
• addresses,
• payment histories,
• tax file numbers.

The impact was broad-reaching, with the entire employee base in the Asia Pacific region being affected.

In response to this incident AmEx confirmed the incident but clarified that no financial details or bank account information had been accessed by the former employee. Instead, the breach had an impact on a specific subset of colleagues.

However, specific details concerning the exact number of affected employees and the precise nature of the exposed data were not disclosed by AmEx. Given that AmEx has over 77,000 employees globally, even exposing 20% of them as part of the APAC region is a significant impact.

AmEx pushed the blame for the incident onto the third-party payroll service provider which accidentaly granted access to employment-related data of certain colleagues based in the Asia Pacific region.

To mitigate potential harm, American Express is offering two years of identity theft protection services to those impacted. Importantly, it was emphasized that the breach did not extend to American Express Card member data, reassuring customers about the safety of their financial information.