Express Scripts, a leading pharmacy benefit management company in the U.S. and Canada, announced that the extortionist(s) who sent them a threat letter in October moved down the foodchain and are now targeting their smaller business partners through similar tactics. As a result, the company decided to fight back and placed a whooping $1 million bounty on the identity of the criminal(s) behind the incident.

The Fortune 500 company announced a week ago that cyber-criminals had sent them a letter asking for money in exchange of silence regarding a major security breach. The extortionists claimed to have in their possession the personal details of millions of patients, which they allegedly acquired by hacking into one of the company's databases. A random batch of records was attached to the letter as proof. It included names, birth dates, social security numbers and even prescription details on 75 of their customers.

Since the company did not cave in to the demands and went public, the extortionists have changed tactics and sent similar threat letters to Express Scripts' business clients. The company officials said that the FBI was immediately notified about this new development and that, together with their partners, they took the decision to offer a reward for any information that leads to the arrest of the person(s) behind these attacks.

“We hope that establishing a reward will bring forward useful information. We will do what we can to help find those responsible as quickly as possible,” commented George Paz, CEO and Chairman of Express Scripts. “We are cooperating fully with the FBI to assist them in their investigation and doing what we can to protect our members,” he added.

In addition, a full internal investigation to discover the source of the security breach has been launched and Kroll, one of the world's leading risk-consulting companies, has been contracted to provide free counseling and identity restoration services to any of the customers that fall victims to identity theft because of this incident. In this regard, a separate support website has been set up.

“Express Scripts recognizes that this situation is concerning to our clients and members. We want to assure them that they will have our constant support until their issues are resolved,” said Mr. Paz. However, for the moment, the company has no information that the compromised data has been misused.

Security industry professionals have applauded the way Express Scripts handled this incident and their decision to go public with it. The reward is yet another step in the right direction and anyone who thinks is eligible to cash it in exchange of valuable information is urged to call 800-CALL-FBI.