http://news.cnet.com/8301-10789_3-10084187-57.html By Robert Vamosi Defense in Depth CNet News November 6, 2008 The customer database of Express Scripts, a company used by employer health care services to provide prescription medicine by mail, has been breached. In a twist, the company said it learned of the breach in "a letter from an unknown person or persons trying to extort money from the company." The company posted details [1] on its Web site Thursday. The letter, received in October, threatened to reveal millions of customer records--including Social Security numbers, addresses, dates of birth, and in some cases, prescription information--on the Internet if the extortion demands were not paid. The company did not disclose what those demands were. Graham Cluley, of security software maker Sophos, told CNET News that Express Scripts did things right. "It appears they have not paid up." He noted that's important with data theft because the criminals have the data in their possession and can keep going back to the company to get more and more money. Second, Express Scripts went to the FBI and decided to go public about the breach. "We have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls," Express Scripts said on its site. [1] http://www.esisupports.com/ [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Fri Nov 07 2008 - 01:02:26 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 07 2008 - 01:06:08 PST