Incident in Expense on US2, EU2, Concur Cloud for Public Sector

In the US2, EU2, and Concur Cloud for Public Sector Data Centers, customers using the American Express GL1025 file for credit card transaction feeds may have experienced issues with incorrect transaction labeling for transactions posted on or before September 2. While it was confirmed that American Express deployed a fix on September 2, preventing further impact, incident communications will continue until clean up actions have been executed. Affected users may see payment transactions displayed to employees either with no vendor name or with an "unknown" vendor, while certain fee types may be incorrectly classified as cash advances. A potential workaround for this issue has been identified. Credit card administrators for the impacted customers may be able to hide the impacted transactions or reach out to the Concur Support rep so that they can hide them on your behalf. Additionally, in some situations, it may be possible to create an audit rule to prevent the inclusion of impacted transactions in expense reports.


The Incident Response Team (IRT) has begun clean-up actions of reclassifying affected transactions and assigning them to the correct categories. Due to the complexity of the issue and sensitivity of the impacted data, the IRT is executing the remediation process on a customer-by-customer basis instead of using a mass automation mentioned in previous incident communications. The remediation process includes reclassifying unassigned transactions, adjusting them to the expected status and visibility based on customers' individual configurations, such as hidden or released in Available Expenses. The IRT advises for customers who have remaining affected transactions, to create a case or update their existing case providing approval for the IRT to complete the remediation process for their entity.
We will post the next incident communication at or before 9:00PM UTC on 24 September 2025.

In the US2, EU2, and Concur Cloud for Public Sector Data Centers, customers using the American Express GL1025 file for credit card transaction feeds may have experienced issues with incorrect transaction labeling for transactions posted on or before September 2. While it was confirmed that American Express deployed a fix on September 2, preventing further impact, incident communications will continue until clean up actions have been executed. Affected users may see payment transactions displayed to employees either with no vendor name or with an "unknown" vendor, while certain fee types may be incorrectly classified as cash advances. A potential workaround for this issue has been identified. Credit card administrators for the impacted customers may be able to hide the impacted transactions or reach out to the Concur Support rep so that they can hide them on your behalf. Additionally, in some situations, it may be possible to create an audit rule to prevent the inclusion of impacted transactions in expense reports.

The Incident Response Team (IRT) has identified and is currently building an automated process that will clean-up remaining impacted transactions that are unassigned to expense reports. The IRT advises for affected users to remove any impacted transactions from existing expense reports to ensure a successful clean-up execution.
Deployment for this repair work is reliant upon successful internal testing but is currently targeted for the end of next week. Additionally, the IRT continues working with American Express vendor contacts to acquire details necessary to perform cross validation checks and assure the internal automated process captures all impacted transactions.
Our next scheduled update will be 9PM UTC on 11 September or sooner should a significant change occur.

After further investigation, the Incident Response Team (IRT) has determined that the breadth of impact for an ongoing investigation has exceeded our original understanding. Moving forward, incident communications will be posted on Concur Open.

In the US2, EU2, and Concur Cloud for Public Sector Data Centers, customers using the American Express GL1025 file for credit card transaction feeds may have experienced issues with incorrect transaction labeling for transactions posted on or before September 2. While it was confirmed that American Express deployed a fix on September 2, preventing further impact, incident communications will continue until clean up actions have been executed. Affected users may see payment transactions displayed to employees either with no vendor name or with an "unknown" vendor, while certain fee types may be incorrectly classified as cash advances. A potential workaround for this issue has been identified. Credit card administrators for the impacted customers may be able to hide the impacted transactions or reach out to the Concur support rep so that they can hide them on your behalf. It is also recommended to create an audit rule to prevent the inclusion of impacted transactions in expense reports.

The Incident Response Team (IRT) met with American Express vendor partners. It has been confirmed that root cause was determined, and a fix was deployed on September 2, preventing further impact. The Incident Response Team is collaborating with vendor teams to determine the most effective clean up actions.

Our next scheduled update will be at or before 9:00PM UTC on 05 September.