|
|
|
Last Updated: Nov 17th, 2008 - 12:30:30 |
A New "Script" in the ID Theft Game
In what is an astonishingly brazen move, a hacker or sophisticated
hacker group sent an extortion letter to Express Scripts, one of the
largest pharmacy benefits management companies in North America,
threatening to expose millions of the company's patients' information,
including: names, social security numbers, addresses, birthdates and
even some prescription information if they were not paid a significant sum of money.
Express Scripts handles the pharamacy benefit plans for many major
corporations, insurance carriers and more, so the volume of information
that may (or may not be) available to be posted could be staggering.
Express Scripts indicates that the extortion letter included the
aforementioned information on 75 members, apparently trying to convince
the company of the seriousness of their intent. The company did not immediately release the information to the public, instead beginning "internal forensic research" (ok, so they started looking to see who hacked - someone on the inside or someone on the outside!) and then contacting the FBI (must be outside!) to get them involved. The fact that they involved the FBI worries me less than the fact that the FBI is still investigating, and several weeks after receiving the letter Express Scripts announced a $1 million reward for information on the hacker -- that tells me one of two things: they have no clue who did and how serious they are (bad, very bad!) or they know it was somebody big and are hoping some junior gopher in the organization will spill the beans for the reward. (again, bad, very bad.)
Express Scripts has set up a website to answer customer questions as much as they can - and they're not spilling much at this point. They have not indicated whether they know what system was hacked (current patients, former patients, which companies might be affected) or when the hacking took place. The site does say that there has been "no indication" to date that ID theft has happened because of this, but they are contracting with Kroll, who provide ID Security management and insurance, in case. Which, to me, seems to indicate that this is really not good -- and that there is some reason to believe that the "person or persons" responsible are definitely "bad guys" not your average "hack to say they did it" sort.
The website can be found here. I'll update this as often as info comes out. To date, the $1 million is unclaimed.
© EsignPortal Website Design: Copyright 2008 by Orion Systems, Inc. All other material are or may be copyright protected by their respective owners.
Top of Page
|
|
|
|
