Primary Sources

On 11-12-2008 Express Scripts, a co. headquartered in St. Louis, MO, notified the Michigan Attorney General of a potential breach on Michigan residents. This potential breach source was an extortion letter sent to both the company and its clients/members, which threatened to expose PII allegedly stolen from the system. The PII at risk of exposure includes 75 member of the organization and includes social security numbers, names, dates of birth, and historical pharmaceutical prescriptions. The company reported this information to law enforcement and instituted a number of measures to mitigate the risk of identity theft including (a) issuance of press releases dated 11-6-2008 and 11-11-2008. (b) launch of a breach notification website to both notify and assist its clients/members, and (c) the availability of an identity restoration service to assist its clients/members.

i _ l AQ]; , I · EXPRESS SCRiPTS® c "'? " A `” E . 6 . .$HE..--. »-· - ; November 12, .2008 ATTORNEY GENERAL ‘ r NOK! 1,4, 2088 1 ` The Honorable Mike Cox or Office of the Attorney General _...