This morning, a close friend of mine pointed me to some interesting documents on the American Express website. These documents seem to be leaking sensitive information including detailed activity for a corporate purchasing card.

The documents clearly show the amounts, the specific merchants, dates, and places where the transaction was made and more. The documents include a complete Microsoft Office Excel breakup of the charges, with account numbers and other details. These documents were not password protected or on a protected website, they were completely in the open, no authorization needed.

We notified American Express of these details of via their online contact form (which is available after you log into their system), at approximately on June 7th, 2010, at 9:17 AM PDT. The files were still available on the American Express website as of June 7th, 2010, at 9:28 AM PDT.

We’re curious if these are fake documents deliberately put out on the site. If they are, it would be interesting to know why they have chosen to do so.

We hope someone at American Express will take notice of this important issue. As previously mentioned, American Express was contacted prior to this posting. (Edit: See the reply from American Express below.)
Read more…

News, Report, Security amex, credit card, leak, statement