No guarantees AMEX has learnt lesson from security breach

June 17, 2026 — 5:48am

You have reached your maximum number of saved items.

Remove items from your saved list to add more.

The Australian Privacy Commissioner has found American Express Australia breached privacy law by failing to adequately protect a customer’s personal information from unauthorised internal access and then threatened the complainant with court action to ensure his silence on the details.

It follows years of lies, obfuscation and pushbacks by the company and delays and inaction by both the independent statutory agency promoting privacy and information access rights and a free independent ombudsman service that helps individuals and small businesses resolve disputes with financial firms.

Privacy Commissioner Carly Kind ordered American Express to rectify security flaws in five of its data systems to guard against “insider threats”, restrict employee access to specific customer information and provide a written apology to the customer who first brought the holes in its data security to the regulator’s........

© The Sydney Morning Herald