Express Scripts’ hackers have stolen the personal information of roughly 700,000 members of the pharmacy benefits management company. It’s the first time the company has placed a number on the total extent of the information held by the hackers, and the latest installment in an ongoing drama.
The tumult began last fall when Express Scripts revealed they had received a ransom demand from hackers who threatened to release the members’ personal information if Express Scripts refused to make the payoff.
The data kidnappers lent credibility to their claim by sending Express Scripts the names, Social Security numbers and birth dates of 75 members. In some cases, members’ prescription histories were included.
In response, Express Scripts not only refused to pay the ransom, but defiantly offered a widely publicized $1 million reward. They also notified the 75 members whose information was compromised.
The extortionists then issued another salvo by sending more threats and more employee information to some of Express Scripts’ largest customers, including Toyota and federal government agencies.
At that point, Express Scripts sent out another round of data breach notifications and ID theft warnings to employees of the organizations that received the second round of extortion attempts.
Just two weeks ago Express Scripts announced they were sending data breach notifications to 1,771 New Hampshire residents whose data was recently found to be among the stolen information.
Express Scripts has steadfastly refused to acquiesce to the criminals’ ultimatum and has continued to participate in an ongoing FBI investigation. The amount of the ransom demand has never been made public.
The Saint Louis-based firm is the fifth-largest prescription benefits management in the world with roughly 50 million customers.
