Cyber crooks use data for extortion

There's a new twist to the increasingly-common tale of data theft. Express Scripts, one of the nation's largest processors of mail-order pharmacy prescriptions, recently had its databases hacked and a great deal of personal consumer information stolen. But instead of exploiting the data right off the bat, the cyber thieves opted for a different approach--extortion. Express Scripts said that in early October it received a letter that included the names, birth dates, Social Security numbers and, in some cases, prescription data on 75 of its customers.

The authors then threatened to expose millions of consumer records containing personal and medical information if the company declined to pay them a sizable amount of money. Chief executive George Paz said in the statement that Express Scripts has no intention of paying any money to the extortionists and that his company is working with the FBI to track down those responsible.

Express Scripts processes and pays prescription drug claims for more than 1,600 companies. It handles about 500 million prescriptions a year for about 50 million Americans. Company spokesman Steve Littlejohn said Express Scripts knows where the data came from, and is now trying to determine how it was stolen. He refused to say how much money was demanded by the extortionists

For more on this theft:
- see this WashingtonPost.com article

Related Articles:
How SMBs can secure data against theft, risks
Data theft headaches grow