[ISN] Express Scripts: 700,000 notified after extortion

From: InfoSec News <alerts_at_private>
Date: Fri, 2 Oct 2009 04:36:52 -0500 (CDT)

By Robert McMillan
September 30, 2009
IDG News Service 

Nearly a year after being hacked by computer extortionists, pharmacy 
benefits management company Express Scripts now says hundreds of 
thousands of members may have had their information breached because of 
the incident.

Last November, the company reported that someone had threatened to 
expose millions of customer prescription records, but it has come under 
criticism for being vague about how many of its customers' records were 
accessed. Now the company says that about 700,000 have been notified.

The trouble started for the St. Louis-based company in October 2008, 
when it received a letter containing the names, birth dates, Social 
Security numbers and prescription data of 75 patients. The extortionists 
threatened to turn the information public if they weren't paid. Express 
Scripts refused and instead notified the U.S. Federal Bureau of 
Investigation. The company is now offering a US$1 million reward for 
information leading to the arrest of the perpetrators.

Express Script has not said how the criminals managed to get hold of the 
data, but in an e-mailed statement the company said that "there have 
been no reported cases of misuse of member information resulting from 
the incident."


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
Received on Fri Oct 02 2009 - 02:36:52 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 02 2009 - 03:03:18 PDT