A breach that initially appeared to affect only about 75 customers may actually have affected some 700,000, according to pharmaceutical benefits management company Express Scripts.
In October 2008, Express Scripts said it received a letter from an unknown hacker who threatened to expose millions of the company's members' records on the Internet if Express Scripts did not pay a ransom. The extortion letter included personal information on 75 members, including their Social Security numbers, addresses, dates of birth, and, in some cases, prescription information.
In November 2008, a small number of additional clients also received similar letters, the company says. Express Scripts notified the FBI of the threat, and an investigation was launched.
Recently, Express Scripts posted an update on the investigation, stating the perpetrator has "taken action to prove that he possesses more member records from the same period as those identified in the 2008 extortion attempt."
Express Scripts says it is "in the process of notifying" the other members whose identities may have been compromised. In a news report, a spokeswoman said some 700,000 are being notified.
Express Scripts is not saying how the data may have been stolen, but its Website says it has taken "aggressive action" to enhance its security operations and data-handling procedures. The company says it will not give in to the extortionist, but it is offering a $1 million reward for information leading to the arrest and conviction of the hacker.
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.