American Express privacy breach: Commissioner orders apology and tighter controls after failure to protect customer data

https://www.smh.com.au/business/banking-and-finance/american-express-ordered-to-fix-security-gaps-after-customer-was-spied-on-20260612-p606ei.html

Publish Date: 2026-06-15 06:00:00

Source Domain: www.smh.com.au

The privacy watchdog has ordered American Express to rectify security flaws in five of its data systems to guard against “insider threats” and to restrict employee access to specific customer information to protect vulnerable and high-profile customers.

Privacy Commissioner Carly Kind found the payments giant had “failed to implement appropriate, uniformly applied technical and organisational measures to address insider security risks posed by its staff”.

Privacy Commissioner Carly Kind has found against American Express. Credit: Louie Douvis

The failure was “particularly significant”, she said, “given AMEX was on notice of the need for uniform monitoring coverage across all frontline teams having experienced … [a] previous insider threat incident”.

She ordered American Express to issue a written apology to the customer who first brought the holes in its data security to the regulator’s attention and who has fought for four years for action to protect the privacy of millions of customers worldwide.

She also ordered the company to ensure a time-stamp log of entry is recorded when an employee accesses or takes action on a customer’s records across the five systems.

However, in a 14-page summary of her determination posted to the Office of the Australian Information Commissioner website on Monday, Kind did not specify what compensation she had awarded the complainant. Nor did she include details of any wider security weaknesses she may have identified in other company data systems aside from the five at the centre of the complaint.

Her preliminary view, made more than a year ago and obtained by this masthead, included the revelation that American Express could “neither audit nor enforce its policies about an employee’s access to personal information for 88 of its systems, that is, for 78 per cent of … [its] systems that hold the…
