Up next in 10
A major investigation reveals that over one million Australian American Express customers may be vulnerable to fraud and identity theft due to cracks in Amex's data security. The Privacy Commissioner's report highlights potential insider threats and inadequate data handling practices. #Amex #DataBreach #Privacy #Fraud #IdentityTheft
Show More Show Less View Video Transcript
0:00
Over a million Aussie American Express
0:02
card holders could be at risk of privacy
0:04
breaches, fraud, and identity identity
0:07
theft. Australia's privacy watchdog
0:10
finding significant cracks in Amex's
0:11
technology security that urgently need
0:13
fixing. As of 2023, 1.5 million Amex
0:17
cards were in circulation across the
0:19
country.
0:20
A major investigation has found more
0:22
than 1 million Australian customers of
0:25
American Express could be exposed to
0:26
fraud and identity theft. Joining us now
0:29
is the age and Sydney Morning Herald
0:31
investigative journalist Charlotte
0:32
Grieve who broke the story this morning.
0:34
Charlotte, good morning to you. So what
0:36
did you underco uncover rather in this
0:39
investigation?
0:40
So we have uncovered an interim report
0:42
from the privacy commissioner which the
0:45
report the investigation is ongoing but
0:47
this interim report does show systemic
0:49
problems with the way that American
0:51
Express manages its customers data.
0:53
What kind of personal information at
0:55
risk then? So American Express as we all
0:58
know has credit cards. So that's
1:00
everything from identity documents to
1:02
payments transaction data but it also
1:05
has travel services. So that's um you
1:08
know booking flights, accommodation and
1:11
in its interim report the privacy
1:12
commissioner found that because of the
1:14
nature of its business it actually holds
1:17
quite granular detail about its
1:18
customers lives.
1:20
That's a bit worrying. So what does it
1:21
mean then for customers? Obviously
1:22
identity theft is a major issue for
1:23
them.
1:24
That's right. So what this report
1:26
highlights is that many customers are
1:29
exposed to what uh experts are calling
1:31
the insider threat. So that's where a
1:33
rogue employee can essentially access
1:36
American Express's customers data with
1:38
very limited controls.
1:40
So American Express is denying um all
1:42
this. Um how real is the risk then of
1:45
fraud or harm to everyday customers?
1:48
So this investigation has been going on
1:50
for several years. American Express has
1:53
had the opportunity to explain its
1:55
processes, explain itself. Um, the
1:58
privacy commissioner doesn't go around
2:00
making adverse findings like this at the
2:02
drop of a hat. So, I think we should be
2:05
taking this quite seriously, but as I
2:08
said before, it's an interim finding and
2:10
well, why don't they take it seriously?
2:11
Yeah.
2:12
Well, good question. I mean, they've
2:14
denied all allegations. They say the
2:16
privacy commissioner doesn't understand
2:18
its processes properly. Um, and so we'll
2:21
have to see it play out. But the the
2:24
staff member at the center of this that
2:25
really started it all off, he was found
2:28
to have breached privacy laws and he's
2:30
still retained by the company. So I
2:32
think that says something. Yeah.
2:33
So vulnerabilities there that they're
2:34
not willing to address. Obviously
2:35
it does seem like that.
2:37
What consequences? I mean a message has
2:39
to be sent.
2:40
Um, clearly um what are the
2:42
possibilities around that? So in its
2:44
interim report, the privacy commissioner
2:46
has recommended sort of sweeping changes
2:48
to the way American Express handles its
2:51
customers data. It's recommended
2:53
investing in technology, tracking
2:55
employee access better, and on the
2:58
individual customer who made this
3:00
complaint in the first place. They've
3:01
recommended a written apology signed by
3:04
a senior executive as well as financial
3:06
compensation.
3:06
So are there are there going to be more
3:08
breaches? Are there going to be more,
3:09
you know, um pe people's details going
3:11
to start to come out like they have in
3:13
previous cases?
3:14
Dark web and things.
3:15
Well, if this interim report is anything
3:16
to go by? It certainly looks like that
3:18
could be the case.
3:19
Well, and the American Express just bury
3:20
their heads in the sand and go, "Hey,
3:22
nothing to see here."
3:22
That's right. It's crazy.
3:23
What would you do as a customer? Would
3:24
you recommend just pulling out?
3:26
Well, I mean, I guess we've got to wait
3:27
to see how the investigation plays out.
3:29
There hasn't been a final determination
3:31
yet, but I would be taking this
3:32
seriously and I would be asking American
3:34
Express how it's handling its data.
3:36
Yeah. Well, they don't like bad PR and
3:38
this is bad PR. Good on you.
3:39
Thank you so much.
#Government
#Business News
#Politics