Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Benefits firm reveals breach after extortion threat
Published: 2008-11-07

Pharmacy benefits-management firm Express Scripts warned on Thursday that data thieves had sent a letter to the firm demanding cash and revealing sensitive information on 75 customers.

In early October, Express Scripts (corrected) received a letter claiming that the company's network had been breached and threatening to release millions of customer records unless the firm paid money to the thieves. The letter listed personal information on 75 of Express Scripts' members, including their names, dates of birth, social security numbers, and in some cases, their prescription information, the company stated. Express Scripts added that it had reported the crime to the FBI, which is currently investigating.

"We have been conducting a thorough investigation since we received this threat and we are taking it very seriously," George Paz, chairman and chief executive officer, said in a statement. "We are cooperating with the FBI and are committed to doing what we can to protect our members’ personal information and to track down the person or persons responsible for this criminal act."

Extortionists have frequently targeted online service sites -- such as online gambling and gaming sites -- threatening to attack the service with a denial-of-service attack unless paid money. Some power utility companies have also allegedly been the target of extortionists, who threaten to cause blackouts unless paid.

In its statement, Express Scripts claimed to have a variety of security measures in place to protect its customers' data.

"However, as security experts know, no data system is completely invulnerable," CEO Paz said in the statement. "We continue to conduct our investigation. We are notifying our members and clients to enable them to take steps to protect themselves from possible identity theft."

CORRECTION: The original article had misspelled the name of the company, Express Scripts.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus