Drug-benefits provider Express Scripts announced on Tuesday that it had established a large fund to reward people who provide information leading to the capture and prosecution of the online attackers that stole sensitive data from its servers and then attempted to extort money from the company and its customers.
The company announced last week that it had received a letter containing the personal information of 75 customers and a demand for money. Since then, the provider's members have received letters listing their personal information -- including names, dates of birth, Social Security numbers, and in some cases, their prescription information -- and a demand for money, the company said in a statement.
"We are cooperating fully with the FBI to assist them in their investigation and doing what we can to protect our members," George Paz, CEO of Express Scripts, said in the statement announcing the bounty. "We hope that establishing a reward will bring forward useful information. We will do what we can to help find those responsible as quickly as possible."
Express Scripts is not the first company to face black mail, though criminals have typically used threats of denial-of-service attacks to demand money. Past extortion attempts have targeted online service sites -- such as online gambling and gaming sites -- threatening to take down the site unless money is paid. Some power utility companies have also allegedly been the target of extortionists, who threaten to cause blackouts unless paid.
Express Scripts also promised members free identity-restoration services if their data is used by the criminals. The company announced that it had contracted with well-known risk-consulting firm Kroll to assist any members that suffer identity theft.
"Express Scripts recognizes that this situation is concerning to our clients and members," Paz said in the statement. "We want to assure them that they will have our constant support until their issues are resolved."
Anyone that has information regarding the extortion threats can contact the FBI at 800-CALL-FBI, the company said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos