Breach At Pharmaceutical Benefits Company May Have Affected 700,000
FBI investigation of 2008 incident leads Express Scripts to notify hundreds of thousands about potential breach
A breach that initially affected only about 75 customers may actually have affected some 700,000, according to pharmaceutical benefits management company Express Scripts.
In October 2008, Express Scripts said it received a letter from an unknown hacker who threatened to expose millions of the company's members' records on the Internet if Express Scripts did not pay a ransom. The extortion letter included personal information on 75 members, including their Social Security numbers, addresses, dates of birth, and, in some cases, prescription information.
In November 2008, a small number of additional clients also received similar letters, the company says. Express Scripts notified the FBI of the threat, and an investigation was launched.
Recently, Express Scripts posted an update on the investigation, stating the perpetrator has "taken action to prove that he possesses more member records from the same period as those identified in the 2008 extortion attempt."
Express Scripts says it is "in the process of notifying" the other members whose identities may have been compromised. In a news report, a spokeswoman said some 700,000 are being notified.
Express Scripts is not saying how the data may have been stolen, but its Website says it has taken "aggressive action" to enhance its security operations and data-handling procedures. The company says it will not give in to the extortionist, but it is offering a $1 million reward for information leading to the arrest and conviction of the hacker.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024