Criminal tries to extort money out of Express Scripts 
(12/11/2008)
Although there was a recent story about someone accused of trying to get money out of Maserati after allegedly stealing customer information, it’s pretty rare to hear stories of data thieves trying to extort money their victims rather than the more “conventional” stories of distributed denial-of-service (DDoS) and ransomware blackmail attempts.
According to a press release byExpress Scripts, an unknown person or persons sent an extortion letter to the company in early October, including the names, dates of birth, social security numbers, and prescription information of 75 customers.
Express Scripts handles the medical prescriptions of millions of Americans every year through home delivery and at retail pharmacies. That’s a lot of important data for the Fortune 150 company to look after.
Express Scripts has done the right thing. Firstly, it hasn’t paid any money. That’s important because paying blackmailers only encourages them to ask for more money, or to steal from others.
Express Scripts has also called in the FBI, and begun its own investigation into how the security of their databases might have been breached.
Furthermore, it has gone public on the incident. A press release has been posted to the wires, and a section set up on their website explaining to customers that there has potentially been a large data security breach. Imagine what the implications might have been if they had tried to hush up the incident, paid off the blackmailer, and never told their customers about the possible slip-up.
What’s interesting is that the criminal chose to try and extort money out of Express Scripts. He notably didn’t try and exploit the identity information himself, as far as we can tell, and he didn’t try and sell the data on via the computer underground.
That suggests that either he thinks he can make more money by blackmailing Express Scripts (but it doesn’t seem that they want to play ball) or that he simply isn’t circulating in the right underground circles to know how to fence the information on to other criminals.
Related topics: Crime and Fraud Prevention Data management and data security Hacking and intrusion prevention
Print version | 
Email to a friend | 
Related articles
Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.
Other Security news and resources
Security News
Suppliers Directory
Jobs forum
Classifieds
Knowledge base
White papers
Research library
Security books
Special reports
Security interviews
Security companies
Security events
Security links
Security market
Product channels
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
