Information Security News mailing list archives
Extortion used in Express Scripts database breach
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 7 Nov 2008 03:02:26 -0600 (CST)
http://news.cnet.com/8301-10789_3-10084187-57.html By Robert Vamosi Defense in Depth CNet News November 6, 2008 The customer database of Express Scripts, a company used by employer health care services to provide prescription medicine by mail, has been breached. In a twist, the company said it learned of the breach in "a letter from an unknown person or persons trying to extort money from the company." The company posted details [1] on its Web site Thursday. The letter, received in October, threatened to reveal millions of customer records--including Social Security numbers, addresses, dates of birth, and in some cases, prescription information--on the Internet if the extortion demands were not paid. The company did not disclose what those demands were. Graham Cluley, of security software maker Sophos, told CNET News that Express Scripts did things right. "It appears they have not paid up." He noted that's important with data theft because the criminals have the data in their possession and can keep going back to the company to get more and more money. Second, Express Scripts went to the FBI and decided to go public about the breach. "We have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls," Express Scripts said on its site. [1] http://www.esisupports.com/ [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
Current thread:
- Extortion used in Express Scripts database breach InfoSec News (Nov 07)