From AmEx’s (AXP) notification to the California Attorney General’s Office:
Hacktivist group “Anonymous Ukraine” has published card data to internet. Several postings have been made.
AXP was informed by law enforcement that several large files containing personal information were posted on internet sites by claimed members of “Anonymous”, a worldwide hacking collective. The source(s) of the posted data is/are not currently known. The posted records contained varying data elements, but AXP has identified, and is providing notice via mail to, 58,522 California residents whose names and corresponding AXP account numbers were involved. AXP also identified among the posted files additional Card account information pertaining to 18,086 California residents. Because customer names were not included in that additional group, Calif. Civil Code s. 1798.29(e); is not applicable, though we are providing notice of this incident via mail to that population as well. A copy of the notice letter provided to the 76,608 California residents is attached.