American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered the breach. The account information of some card holders may have fallen into the wrong hands.
Source: Malwarebytes Unpacked