We’re starting to think Amex doesn’t take this whole “data security” thing very seriously. First they confused a customer, and us, a few months ago with their random confirmation phone call, where they demanded a customer turn over bank account information over the phone without giving him a way to verify they were really Amex. Now a reader says the company has “for years” been sending him someone else’s account info via email, including the customer’s name and the last 5 digits of his account number. J.R. writes, “Seriously, I’ve seen better security on a video game forum.”
For years, American Express has flooded my inbox with emails intended for one of their customers (who gave them my address by mistake).
These emails contain sensitive data, including the customer’s name *and last five digits of his account*.
Get this: American Express doesn’t send out email verification letters!
I could tell you the whole sad, scary, hilarious story if you want me to, including the bit where the superior of a superior I finally talked to told me flat out that, “American Express does not email its customers the last five digits of their account,” and then sat in awkward silence as I *quoted him back his own company’s email*.
I just wanted you to know that customers of American Express may have their sensitive data compromised, and that AmEx makes this damn near impossible to report a case like this and then does absolutely nothing about it.
Seriously, I’ve seen better security on a video game forum.