The Facts
WHAT HAPPENED?
• In early October, the company received a letter from an unknown person or persons trying to extort money from the company.
• This unknown person or persons threatened to expose millions of the company’s members’ records on the Internet if the extortion demand was not met.
• The extortion letter included information on certain members, including Social Security numbers, dates of birth, and in some cases, prescription information.
• More recently, a small number of Express Scripts’ clients have received letters threatening to expose the personal information of additional members. The threats are believed to be connected to the initial extortion threat.
• We are unaware at this time of any actual misuse of the information.
WHAT ARE WE DOING ABOUT IT?
• We are notifying our clients and we are notifying the members whose information appeared in the recently received letters.
• We are offering our members free identity restoration services if they become victims of identity theft because of this incident. Consultation, investigation and restoration services will be provided by Kroll, a New York-based risk-consulting firm and global data security leader.
• We are complying with state notification requirements.
• We notified the FBI immediately after we received the letter, and it continues to investigate.
• We’re establishing a reward totaling $1 million for the person or persons who provide information resulting in the arrest and conviction of those responsible for these criminal acts. Anyone with information about the extortion threats should contact the FBI at 800-CALL-FBI.
• We’ve launched our own investigation with the assistance of outside experts in data security and computer forensics.
HOW DID IT HAPPEN?
• We believe we have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls.
• We are continuing our investigation and hope to identify those responsible for any unauthorized access.
HOW COULD THIS HAPPEN?
• We are committed to protecting the privacy and security of our members’ information.
• We deploy a variety of security systems designed to protect that information from unauthorized access.
• However, as security experts know, no data system is completely invulnerable.
• We also believe we have identified where the data involved in this situation was stored in our systems, have instituted enhanced controls, and are committed to fully understanding what happened.
