American Express failed to prevent unauthorized data access, Australian watchdog finds
By Saloni Sinha ( June 15, 2026, 09:08 GMT | Insight) -- American Express Australia breached the country’s privacy laws by failing to take reasonable steps to protect a customer's personal information from unauthorized access by an employee, the privacy regulator has found. In a statement on Monday, the Office of the Australian Information Commissioner said the financial-services company failed to adequately mitigate insider security risks after an employee accessed the complainant's personal information “for purposes outside of legitimate business purposes.” American Express Australia breached the Australian privacy laws by failing to take reasonable steps to protect a customer's personal information from unauthorized access by an employee, the privacy regulator has found....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.