Thursday, April 17, 2025
HomeLawAmerican Express (Amex) Fined £90,000 For Sending 4 Million Spam Emails Within...

American Express (Amex) Fined £90,000 For Sending 4 Million Spam Emails Within a Year

Published on

SIEM as a Service

Follow Us on Google News

The American Express (Amex) was recently fined £90,000 by the British data regulator for sending more than 4 million spam emails containing marketing campaigns within a year to its customers.

The UK Information Commissioner’s Office (ICO) investigated the whole matter and found that American Express (Amex) had broken the law by firing these spam emails containing marketing campaigns to a total of about 50 million of its customers.

And not only that even they have classed all these spammy emails as servicing emails. The chief investigator of ICO, Andy Curry asserted that “This is a clear example of a company that went wrong and now faces the consequences.”

- Advertisement - Google News

The spammy emails that were sent by Amex to all its customers between 1st June 2018 and 21st May 2019, which is about 12 months, are specially designed by Amex to encourage all its customers to make purchases via their cards, and in turn, they could gain financial benefits.

This £90,000 fine was effectively a small charge for the American Express (Amex), as according to the balance sheet the bank has made $1.4 billion only in the last quarter of 2020. While in the case of Q1 FY2021 American Express proclaimed a net income of $2.2 billion.

Moreover, during the investigation, the ICO discovered that the customers who were getting these spammy emails have deliberately opted out from them.

But, to defend the reputed image of the company, Amex denied these complaints and claimed that all these emails are mot marketing emails, as they classed these emails as servicing emails.

As a result, the company straightly rejected the proposal of ICO to re-evaluate its marketing strategies, and they defined these emails to ICO as communication of advertising or essential requirements of Credit Agreements with customers.

However, ICO defined that without the free consent of its customers Amex has broke Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR) by sending these spam or marketing emails.

ICO also offered a 20% discount (the reduced amount will be £72,000) on the total fine amount of £90,000 to Amex, if they will pay the fine in advance, while the normal payment date is set by ICO is June 17.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Ransomware Attacks Surge 126%, Targeting Consumer Goods and Services Sector

The cybersecurity landscape witnessed a dramatic escalation in ransomware attacks, marking a concerning trend...

CrazyHunter Hacker Group Exploits Open-Source GitHub Tools to Target Organizations

A relatively new ransomware outfit known as CrazyHunter has emerged as a significant threat,...

Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis

A sophisticated multi-layered phishing campaign was uncovered, employing a complex attack chain known as...

Microsoft Vulnerabilities Reach Record High with Over 1,300 Reported in 2024

The 12th Edition of the Microsoft Vulnerabilities Report has revealed a significant surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to...

Security Risk Advisors Announces Launch of VECTR Enterprise Edition

Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version...

Europol Concerns Over Privacy Enhancing Technologies Challenge Lawful Interception

A new position paper argues that Privacy Enhancing Technologies (PET) used in Home Routing...