Slashdot Mirror


$1M Reward Offered To Nab Data Breach Extortionist

alphadogg writes with this excerpt from NetworkWorld: "Express Scripts, the pharmacy benefits management company which recently disclosed an extortionist is demanding money by threatening to expose millions of patient records the company holds, Wednesday said it has decided to offer $1 million to nab the perpetrator. 'We're going on the offense with this reward,' an Express Scripts spokesman said. The $1 million will be paid to anyone who provides information leading to the capture and conviction of the extortionist who sent a letter to Express Scripts in early October that contained personal information on 75 people, considered members, who use the company's pharmacy-benefits services. The extortionist claims to have information on millions more Express Scripts members and wants money to not reveal it."

8 of 134 comments

  1. The same principle as not dealing with terrorists by Anonymous Coward · · Score: 4, Insightful

    Terrorize the slimebag instead. Make him wonder which one of his buddies that he bragged to will turn him in.

  2. Opportunity by Anonymous Coward · · Score: 5, Interesting

    All the extortionist need do now is move the data to someone else's machine then shop him in.

    1. Re:Opportunity by zappepcs · · Score: 4, Insightful

      I think there may be a small problem with that. Didn't the USA offer a reward similar to this for Osama Bin Laden?

      The trouble with being a friend of this extortionist is that all your sins are likely to be discovered if you turn them in, even if you do get the money.

      I'd like to see the reward work, but am not holding my breath for it.

  3. More customer data... by erroneus · · Score: 4, Insightful

    I think some minimum security requirements are needed by law before people will start securing personal data like this. I think one thing preventing this is the wide deployments of Windows out there that could never meet strict security requirements. (That is just my bias talking) The web server www.express-scripts.com is reported by nmap as running FreeBSD, but it also shows a few ports in the 8000 range "closed" but otherwise detected. I have to wonder what that's about... nmap identifies one of them as an apple-iphoto service port of some kind. I am sure that can't be right.

    IT has always been a wild-west environment where anyone can claim to be an expert. People set things up with no standards. It doesn't help that executives with no understanding of technologies or risks insist on things being done in spite of risks they are presented with. Even as there are problems all around with important data being lost, stolen, misplaced or exposed, people fail to look to the cause and prevention aspects of these problems. I cannot imagine this changing until people are threatened with massive fines or imprisonment. The fines that many businesses suffer in other areas are insufficient deterrent and become factored into business budget plans... the fines must be MASSIVE.

  4. Nice way to Change the Discussion by mpapet · · Score: 5, Insightful

    Instead of having an article entitled "Millions of identities stolen" with text like "massive compromise" we have a revenge story.

    That's why corporate officers get paid the big bucks. They screw you and you feel good about it.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html

  5. Re:Million dollar reward by lysergic.acid · · Score: 5, Insightful

    RTFA, they have upped their security since the letter was sent to them. and since no one knows how exactly the records were stolen, i think you're just talking out of your ass claiming it as "complete stupidity on their part."

    at least the company is smart enough to realize that there's no such thing as perfect security (which apparently is more than can be said about you). however, having found themselves in a situation in which their customer records have been stolen, they are taking all precautionary measures to minimize the damage.

    they were honest about the breach and came out publicly about it rather than trying to suppress the information. they contacted the FBI, who have launched an ongoing criminal investigation. the company has also hired data security & computer forensics experts to launch their own independent investigation into the matter. additionally, they have contracted a risk-consulting firm to provide free identity restoration services to affected customers in order to mitigate potential damages. they seem to have done everything in their power to redress the situation. what else were they supposed to do? give in to the extortionists' demands and try to sweep this under the rug?

  6. Evil Pharmacy benefits mgmt companies by freelunch · · Score: 4, Interesting

    Many 'pharmacy benefit management' companies profit by selling information about your drug purchases - and probable ailments - to the highest bidder. This is a gray area of the law. You are typically NOT able to opt-out of this selling of your information. HIPAA doesn't cover this, just like it doesn't cover off-shore companies who sell your data. It is a rapidly growing market.

    Insurance companies like Humana even make a point of mentioning that they will disclose your health data to third parties who may not be subject to privacy regulations.

    So I have to ask, who is more evil here?

  7. Re:The same principle as not dealing with terroris by nurb432 · · Score: 4, Insightful

    You can't compare theft to drug use.

    Smart people do commit crimes (morals have nothing to do with intelligence). The dumb ones get caught and serve time.

    --
    ---- Booth was a patriot ----