ESI Supports - The Facts

The Facts

BACKGROUND: WHAT HAPPENED?

• In October 2008, Express Scripts received a letter from an unknown person or persons trying to extort money from the company.

• This unknown person or persons threatened to expose millions of the company’s members’ records on the Internet if an extortion threat was not met.

• The extortion letter included information on certain members, including Social Security numbers, dates of birth, and in some cases, prescription information.

• In late August 2009, Express Scripts was informed by the FBI that the perpetrator of the earlier action had recently forwarded a letter and data file to a law firm. FBI special agents contacted Express Scripts immediately.

• The data shows that the extortionist possesses additional member records from the same period of time as those identified in the 2008 extortion attempt.

• At this time, Express Scripts has not confirmed any fraudulent misuse of member information as a result of this incident. However, we understand the concern it is causing our members, and we are monitoring the situation very closely. Please visit our Resource Center for steps you can take to safeguard your personal information.

WHAT HAVE WE DONE ABOUT IT?

• In November 2008, we notified our clients and members whose information appeared in the letters from the extortionist. We notified the FBI immediately after we received communication from the extortionist. The FBI investigation is ongoing. Our own investigation, which we launched with the assistance of outside experts in data security and computer forensics, is also continuing.

• Express Scripts is notifying the members that were affected in the most recent development that occurred in 2009.

• We are complying with state notification requirements.

• We continue to stand firm in our refusal to give in to the demands of the extortionist.

• We are offering a $1 million reward for the person or persons who provide information resulting in the arrest and conviction of those responsible for these criminal acts. We encourage anyone with information about the extortion threats to contact the FBI at 1-800-CALL-FBI.

HOW DID IT HAPPEN?

We believe we have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls.

We are continuing our investigation and hope to identify those responsible for any unauthorized access.

We deploy a variety of security systems designed to protect information from unauthorized access. However, as security experts know, no data system is completely invulnerable.