By Robert Vamosi
Defense in Depth
November 6, 2008
The customer database of Express Scripts, a company used by employer
health care services to provide prescription medicine by mail, has been
breached. In a twist, the company said it learned of the breach in "a
letter from an unknown person or persons trying to extort money from the
The company posted details  on its Web site Thursday. The letter,
received in October, threatened to reveal millions of customer
records--including Social Security numbers, addresses, dates of birth,
and in some cases, prescription information--on the Internet if the
extortion demands were not paid. The company did not disclose what those
Graham Cluley, of security software maker Sophos, told CNET News that
Express Scripts did things right. "It appears they have not paid up." He
noted that's important with data theft because the criminals have the
data in their possession and can keep going back to the company to get
more and more money. Second, Express Scripts went to the FBI and decided
to go public about the breach.
"We have identified where the data involved in this situation was stored
in our systems and have instituted enhanced controls," Express Scripts
said on its site.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!