The Curious Case of Express Scripts
2009-01-02 by d2d
The recent Express Scripts breach is a fascinating one. It would appear to involve an extortion letter sent first to Express Scripts detailing the personal information of several customers' customers. It then evolved to include extortion letters to Express Scripts customer-organizations like Toyota, and supposedly others:
"Subsequently, Express Scripts has become aware that a small number of its clients recently received letters threatening to expose the personal information of its members.", per the web site setup to provide information about the incident.
In truth, the website appears to provide little information at all, and given that Express Scripts provides services to some 50 Million people, this breach could soon find its way on our top ten list.
Recent Articles
- » 2008-12-05 - DataLossDB Enhancement: Primary Sources
- » 2008-11-26 - UK: Gov't rules out data-breach notification law
- » 2008-11-02 - Virtual Heist Nets 500,000+ Bank, Credit Accounts
Support OSF Data Loss
OSF needs your support! You can support OSF's DataLossDB in several ways, such as contributing news articles about data loss incidents or by updating older incidents as new information becomes available. Financial donations, which will support hosting, hardware upgrades, and advertising are also appreciated. If you wish to make a donation, please do so via the Google checkout link below.
About OSF Data Loss
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation's DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. For any questions about this site or the data contained within the site, please contact curators@datalossdb.org.
Latest Incidents
| records | date | organizations |
|---|---|---|
| 18,000 | 2008-12-31 | Ohio State University |
| 0 | 2008-12-29 | Merrill Lynch |
| 1,500 | 2008-12-26 | Lakes Region General Hospital |
| 16,000 | 2008-12-25 | Pulte Homes Las Vegas Division |
| 38 | 2008-12-23 | Ohio University-Chillicothe |
| 1,005 | 2008-12-23 | Cedars-Sinai Medical Center |
| 16,857 | 2008-12-23 | Federal Emergency Management Agency |
| 1,500,000 | 2008-12-23 | RBS Worldpay |
| 0 | 2008-12-23 | Vonage |
| 0 | 2008-12-23 | The Pepsi Bottling Group |
Search
Largest Incidents
| records | date | organizations |
|---|---|---|
| 94,000,000 | 2007-01-17 | TJX Companies Inc. |
| 40,000,000 | 2005-06-19 | CardSystems, Visa, MasterCard, American Express |
| 30,000,000 | 2004-06-24 | America Online |
| 26,500,000 | 2006-05-22 | U.S. Department of Veterans Affairs |
| 25,000,000 | 2007-11-20 | HM Revenue and Customs, TNT |
| 17,000,000 | 2008-10-06 | T-Mobile, Deutsche Telekom |
| 12,500,000 | 2008-05-07 | Archive Systems Inc, Bank of New York Mellon |
| 11,000,000 | 2008-09-06 | GS Caltex |
| 8,637,405 | 2007-03-12 | Dai Nippon Printing Company |
| 8,500,000 | 2007-07-03 | Certegy Check Services Inc, Fidelity National Information Services |
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Email | Fraud Se | Hack | Lost Computer
- Lost Document | Lost Drive | Lost Laptop | Lost Media
- Lost Tape | Missing Laptop | Snail Mail | Stolen Computer
- Stolen Document | Stolen Drive | Stolen Laptop | Stolen Media
- Stolen Tape | Unknown | Virus | Web