Privacy & Identity Theft

SACRAMENTO - Attorney General Kamala D. Harris and Placer County District Attorney R. Scott Owens today announced the arraignment of Riley Bangerter, 36, of Roseville, on 11 charges of identity theft, in a case of cyber harassment. Bangerter pled not guilty when he was arraigned on January 11, 2016.

Bangerter was arrested on December 3, 2015, following an investigation by Attorney General Harris’ eCrime Unit, which found that he had superimposed images of his ex-wife onto pornographic images and posted them online, accompanied by her personal identifying information.

“Bangerter’s heinous actions sought to humiliate, belittle and destroy the personal and professional life of his victim,” said Attorney General Harris.  “This prosecution sends a clear message to all who dare to perpetrate the crimes of cyber harassment and cyber exploitation, that these cowardly acts will not be tolerated in California.  I thank the Placer County District Attorney’s office for their partnership and commitment to holding Bangerter accountable for these deplorable acts.”

Bangerter is charged with identity theft – violating Penal Code section 530.5, which prohibits the misuse of personal identifying information.  The case is being prosecuted by the Placer County District Attorney’s office.

During her tenure, Attorney General Harris has pioneered the prosecution of cyber exploitation cases, successfully securing criminal convictions and sentences for those who post intimate photos or videos online without the consent of the individual depicted. 

In 2011, Attorney General Harris created the eCrime Unit within the California Department of Justice to identify and prosecute identity theft crimes, cybercrimes and other crimes involving the use of technology.  In April 2015, Attorney General Harris announced that Kevin Bollaert was sentenced to eighteen years of incarceration (a sentence later revised to eight years in prison followed by ten years of mandatory supervision) for operating a cyber exploitation website, ugotposted.com.  The site allowed the anonymous, public posting of nude or explicit photographs without the subject’s permission and also included the subject’s full name, location, age and Facebook profile link.  Bollaert also extorted victims, charging them $250 to $350 to remove the content posted without their permission.

In June 2015, Attorney General Harris announced a three-year jail sentence for Casey Meyering, who operated a cyber exploitation website called WinByState.com and an associated site TakedownHammer, where he extorted victims seeking to have their images removed.  Charles Evens, who hacked into email accounts to steal intimate images and then sold the images to cyber exploitation website operator Hunter Moore, pleaded guilty to hacking in June 2015.

Attorney General Harris convened a Cyber Exploitation Task Force in February 2015, a public-private partnership comprised of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders.  In October 2015, Attorney General Harris and the task force unveiled a  first-of-its-kind online resource hub with tools for victims, the technology industry, and law enforcement agencies.

In September 2015, Governor Jerry Brown signed into law two new measures Attorney General Harris sponsored to combat and prevent cyber exploitation.  Senate Bill 676 (Cannella, R-Ceres) enables law enforcement to destroy cyber exploitation images and AB 1310 (Gatto, D-Glendale) allows search warrants to be issued for crimes related to cyber exploitation and allows for the prosecution of cyber exploitation cases in the county where the victim resides or in the county where the images were posted.

SAN FRANCISCO - Attorney General Kamala D. Harris and Alameda County District Attorney Nancy E. O’Malley today announced a settlement with Comcast Cable Communications LLC (“Comcast”) to resolve allegations that Comcast both unlawfully disposed of hazardous waste and discarded records without first omitting or redacting private customer information. As part of the settlement, Comcast will pay a total of $25.95 million. 

“Comcast’s careless and unlawful hazardous waste disposal practices jeopardized the health and environmental well-being of California communities and exposed their customers to the threat of identity theft,” said Attorney General Harris. “This agreement holds Comcast accountable for breaking the law and puts strict measures in place to prevent them from putting Californians and our environment at risk in the future.”

“Today’s settlement represents a victory in California’s ongoing efforts to ensure that hazardous waste is disposed of in a safe, legal and environmentally sustainable manner,” states Alameda County DA Nancy E. O’Malley. “Not only will my office pursue all necessary legal action against entities that pollute our environment, but we will also use all legal means to ensure California’s consumers’ private information is protected.  My office will continue to work together with state and local agencies to investigate and prosecute violations against our environment.”

The civil enforcement action and proposed settlement against Comcast were filed today in Alameda County Superior Court by Attorney General Harris and District Attorney O’Malley. The settlement requires court approval before it becomes final.

Today’s announcement stems from a robust investigation by the offices of Attorney General Harris and District Attorney O’Malley, assisted by the Department of Toxic Substances Control and the California Highway Patrol. According to the investigation, since 2005, Comcast warehouse and dispatch facilities and customer service centers throughout the state unlawfully handled and disposed of various hazardous waste products, routinely and systematically sending these materials to local landfills that were not permitted to receive these items. The majority of the hazardous waste was electronic equipment such as remote controls, splitters, routers, modems, amplifiers, and power adapters. The investigation also uncovered that Comcast discarded documents containing sensitive customer information, including names, addresses and phone numbers, into the trash without shredding them or making them unreadable, potentially exposing the information to identity thieves.

If approved by the court, under the final judgment, Comcast must pay $19.85 million in civil penalties and costs. An additional $3 million will fund projects furthering environmental and consumer protection and enforcement in California. Comcast will also be providing CalRecycle with $2.25 million in airtime over a four-year period and $150,000 to develop and produce public service announcements that educate the public on the proper handling and disposal of hazardous waste they might generate, including electronics. Finally, Comcast will spend a minimum of $700,000 to enhance its environmental compliance and will be prohibited from violating these laws in the future, under the terms of a permanent injunction.

Upon notice of the investigation, Comcast agreed to cooperate and, at the request of the Attorney General and the Alameda County DA, took interim steps to improve its hazardous and universal waste management compliance programs. As part of the settlement, Comcast has committed to fund multiple measures over the next five years to enhance its environmental compliance. Comcast will also be required to hire an independent auditor to conduct three audits of its environmental and customer privacy compliance over the next five years. There are ten Comcast facilities in Alameda County and all ten facilities are subject to the terms of the settlement.

Last year, Attorney General Harris and District Attorney O’Malley reached a $23.8 million settlement with AT&T over similar hazardous waste disposal violations.

Copies of the civil enforcement action and proposed settlement are attached to the online version of this release at oag.ca.gov/news.

SAN FRANCISCO - Attorney General Kamala D. Harris today released guidance on location privacy on smartphones, tablets, and email as part of National Cyber Security Awareness Month, a campaign to promote a safer, more secure, and more trusted Internet.

The Attorney General’s new information sheet, Location, Location, Location: Tips on Controlling Mobile Tracking, comes at a time when nearly two-thirds of Americans own a smartphone. In fact, it’s been reported that the average consumer is never more than three feet away from his or her phone.[1]

Connected devices are convenient, but they also pose unique privacy challenges. Our smartphones and tablets are “always on” and “always on us,” broadcasting where we are, where we have been, and even where we are going. This is a concern for many of us, and for domestic violence and stalking victims, it can be dangerous.

Location, Location, Location explains how to use system settings on Android and iOS devices to manage GPS and other location tracking functions.  The new information sheet also explains how email location tracking works and offers step-by–step instructions for stopping it in Gmail, Outlook, and Yahoo Mail.

Location, Location, Location can be found with Getting Smart About Smartphones, Breach Help, and a library of easy-to-read privacy materials on the Attorney General’s website at www.oag.ca.gov/privacy/info-sheets. 

Resources

Location, Location, Location: Tips on Controlling Mobile Tracking: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-18.pdf?

Getting Smart About Smartphones: Tips for Consumers 

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_consumers.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15a_smartphonesConsumer_sp.pdf

Getting Smart About Smartphones: Tips for Parents

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_parents.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15b_smartphonesParents_sp.pdf

National Cyber Security Awareness Month: www.staysafeonline.org/ncsam/

[1] www.getelastic.com/the-end-of-bricks-and-mortar-retail-as-we-know-it/

LOS ANGELES - Today, Attorney General Kamala D. Harris announced the launch of a new, first-of-its-kind online resource hub with tools for victims, technology companies and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates. 

In response, elected officials and leaders in the technology industry released the following statements of support:

Antigone Davis, Head of Global Safety Policy, Facebook:

"Sharing intimate images of someone without their consent can be both devastating and dangerous for the victim. Such activity is not allowed on Facebook and we are proud to support Attorney General Harris’ anti-cyber exploitation initiative to raise awareness of this abhorrent practice and promote tools to fight it.”

Jacqueline Beauchere, Chief Online Safety Officer, Microsoft:

"Non-consensual distribution of sexual content, commonly known as ‘revenge porn’, is a horrific violation of privacy that can damage nearly every aspect of a victim’s life. Microsoft commends Attorney General Harris' commitment to this issue and we are proud to support this effort to help ensure victims have easy access to the tools they need to regain control of their images and their privacy. We hope this new online hub, which includes reporting information for online services such as Microsoft’s new reporting site for Bing, OneDrive and Xbox Live, will prove to be a valuable resource for victims."

Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law, University of Maryland Carey School of Law:

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating. AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.” 

John Doherty, Vice President of State Policy & Politics and General Counsel, TechNet:

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection. Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.” 

Bob Stresak, Executive Director, California Commission on Peace Officer Standards and Training (POST):

“The Commission on Peace Officer Standards and Training is honored to be a part of the Attorney General’s working group in a progressive effort to combat cyber exploitation.  As technology advances, criminal activity takes new forms.  This often presents challenges for law enforcement.  Law enforcement must advance in its ability to proactively address and effectively respond to those challenges.  To that end, the Commission on POST will continue in its commitment to provide the best training available to the law enforcement community.”

California Assemblymember Mike Gatto (D-Glendale):

“Cyber exploitation is a serious crime.  I was proud to partner with Attorney General Harris on legislation to eliminate jurisdictional loopholes and give additional tools to law enforcement to investigate and prosecute this type of crime. The Department of Justice’s resource hub will play an important role in the fight to end cyber exploitation in California.”

California Senator Anthony Cannella (R-Ceres):

“Cyber exploitation greatly disrupts the lives of victims.  I am glad that California remains in the forefront of fighting this horrendous crime. We need victims to be more aware that there are resources to protect them.  This is a valuable tool to help in ending cyber exploitation.”

LOS ANGELES - Attorney General Kamala D. Harris today announced the launch of a new, first-of-its-kind online resource hub with helpful tools for victims, the technology industry and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates.   

“Posting intimate images online without consent is a cowardly crime that humiliates and belittles victims,” said Attorney General Harris. “These new tools will assist law enforcement in combating cyber exploitation and support victims in seeking justice. I would like to thank our partners from our task force, whose work will have a global impact in combatting this heinous crime.”

Attorney General Harris’s effort is centered on a newly created online resource hub that will work to empower victims with information on how to have images posted without permission removed from popular websites and search engines, and provide clear guidance to local law enforcement about new and existing laws to investigate and prosecute cyber exploitation cases. The resource hub will include a Best Practice Guide for technology companies to help them develop policies that prevent the posting and sharing of cyber exploitation images. 

Designed to be a one-stop-shop for law enforcement, victims and technology companies, the site will include information graphics with steps individuals can take after being a victim of cyber exploitation, and the first-ever comprehensive collection of major technology platforms’ privacy policies and links to report improper use of intimate images and how to have them removed from social media sites and online search engines.

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating,” said Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law at the University of Maryland Carey School of Law. “AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.”

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection,” said John Doherty, Vice President of State Policy & Politics and General Counsel at TechNet. “Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.”

In tandem with the launch of the anti-cyber exploitation initiative, Attorney General Harris issued a Law Enforcement Bulletin, with instructions for all California law enforcement agencies on how to use and enforce new and existing laws related to cyber exploitation crimes. This past legislative session, Attorney General Harris sponsored two bills to enable more effective prosecution of cyber exploitation crimes: AB 1310 and SB 676. Both laws were signed by Governor Jerry Brown and become effective January 1, 2016. 

AB 1310, sponsored by Assemblymember Mike Gatto (D-Glendale), expands the jurisdictional options for prosecuting cyber exploitation cases and allows law enforcement to use a search warrant to investigate cyber exploitation cases. SB 676, sponsored by Senator Anthony Cannella (R-Ceres), adds cyber exploitation to the list of computer crimes eligible for forfeiture and destruction of property as part of a judgment and provides law enforcement with a process for seizing and destroying cyber exploitation images.

The initiative will also include a digital campaign, lead by the Attorney General’s Cyber Exploitation Task Force, using the hashtag #EndCyberExploitation, to raise awareness of the crime and connect victims with resources.   

The Attorney General’s cyber exploitation website was launched in October to mark Domestic Violence Awareness Month and Cyber Security Awareness Month. According to the Cyber Civil Rights Initiative (CCRI), a partner in the working group, more than 90% of victims of cyber exploitation are women and girls. In CCRI’s survey of cyber exploitation victims, 51% reported having suicidal thoughts.

In January 2015, Attorney General Harris convened a task force of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders to fight cyber exploitation. The Attorney General’s working group on cyber exploitation is focused on four key areas: (1) education and prevention, (2) law enforcement education and training , (3) technology leadership and (4) legislation. This initiative is the culmination of this group’s work over the last nine months. 

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes, and other crimes involving the use of technology. The California Department of Justice is leading the nation in prosecuting these crimes, having garnered the first successful prosecution of a cyber exploitation operator in the country.  Earlier this year, Kevin Bollaert was sentenced to eight years imprisonment followed by ten years of supervised release for his operation of a cyber exploitation website that allowed the anonymous, public posting of intimate photos accompanied by personal identifying information of individuals without their consent.

The new resource hub can be found at http://oag.ca.gov/cyberexploitation.   

SAN FRANCISCO - Attorney General Kamala D. Harris is urging California T-Mobile customers and T-Mobile account applicants to immediately place fraud alerts on their credit records in the wake of the massive breach of T-Mobile customer data housed at Experian, one of the nation’s major credit reporting agencies. Placing a fraud alert on your credit records protects consumers from identity theft by requiring that businesses verify your identity before issuing credit.

Up to 15 million T-Mobile customers’ and account applicants’ Social Security numbers, names, addresses, dates of birth, and identification numbers (such as driver’s license, military ID or passport number) were exposed in the cyber attack on Experian. According to Experian, the breach compromised data that was used by T-Mobile in connection with credit checks of individuals who applied for T-Mobile services from September 1, 2013 through September 16, 2015.  In the wrong hands, it could be used for identity theft, particularly “new account fraud,” or opening up new accounts in the victim’s name.

Unlike credit monitoring, which notifies individuals when activity has occurred on their credit records, a fraud alert is a preventive measure. When a fraud alert is in place, a merchant or other credit issuer checking the credit history of someone applying for credit gets a notice that there is a fraud alert. This alerts the merchant to take extra steps to verify the identity of the applicant. A fraud alert lasts 90 days and can be renewed.

A longer-lasting protection is a security freeze, which prevents the opening of new credit accounts unless the consumer has taken steps to temporarily lift the freeze. A freeze costs $10 per credit bureau or $5 for Californians over 65; it is free to victims of identity theft.  For instructions on how to place a freeze on your account, please see “How to ‘Freeze’ Your Credit Files: Tips for Consumers” under “Helpful Links” below.   

You can place a fraud alert with all three major credit bureaus by calling just one of the toll-free fraud numbers below. You will reach an automated telephone system that allows you to flag your file with an alert at all three bureaus. You will also be sent instructions on how to get a free copy of your report from each of the credit bureaus.

Experian 1-888-397-3742

Equifax 1-800-525-6285

TransUnion 1-800-680-7289

Helpful Links:

T-Mobile Breach Notice: https://oag.ca.gov/ecrime/databreach/reports/sb24-58079

For additional information on “Breach Help: Consumer Tips from the California Attorney General”, visit:  http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-17-breach-help.pdf

For additional information on “How to ‘Freeze” Your Credit Files: Tips for Consumers”, visit: http://oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_10_credit_freeze_doj.pdf

LOS ANGELES - Attorney General Kamala D. Harris today announced a settlement with Houzz Inc., an online platform for home remodeling and design, to resolve allegations that the company violated California privacy laws by recording incoming and outgoing telephone calls without notifying all parties on the call that they were being recorded.

From March 2013 to September 2013, Houzz’s Irvine office secretly recorded calls that were intended for training and quality-assurance purposes.  Although most of the secretly recorded calls were with home improvement and remodeling professionals, Houzz also recorded customer calls and employees’ personal calls.  Houzz did not notify all parties or obtain consent, in violation of state laws against wiretapping and eavesdropping.  The proposed settlement, filed in Santa Clara Superior Court today, resolves Attorney General Harris’s allegations.

“Houzz violated the trust of its professionals, customers, and employees by recording calls without permission,” said Attorney General Harris.  “This settlement holds Houzz accountable for violating state privacy laws and ensures that the company will stop recording calls without permission.”

After being notified by the California Attorney General’s Office in September 2013, Houzz stopped recording calls and voluntarily cooperated with the investigation. 

The settlement, which is in the form of a stipulated judgment, will require Houzz to appoint an individual to serve in a Chief Privacy Officer capacity who will oversee Houzz’s compliance with privacy laws and shall report any significant concerns to the Chief Executive Officer and/or other senior executives. This is a significant step that is aligned with Attorney General Harris’ ongoing efforts to preserve California businesses’ ability to innovate while ensuring that consumers’ right to privacy is protected.

Under the settlement, Houzz must also conduct a privacy risk assessment addressing its efforts to comply with applicable privacy laws governing its U.S. operations. The privacy risk assessment will evaluate issues that are implicated by Houzz’s business processes, use of technology, and processes related to any business partners with whom Houzz shares personal information, as well as Houzz’s efforts to mitigate or avoid any adverse effects on individuals in the United States. 

Houzz is also required to secure the recordings and destroy them and pay $175,000.

Copies of the complaint and stipulated judgment are attached to the online version of this release at www.oag.ca.gov.

LOS ANGELES - Attorney General Kamala D. Harris today announced that the California Department of Justice, along with the California Public Utilities Commission, has reached a $33 million settlement with Comcast over allegations that Comcast posted online the names, phone numbers and addresses of tens of thousands of customers who had paid for unlisted voice over internet protocol (“VOIP”) phone service. 

As part of the settlement, Comcast must pay $25 million in penalties and investigative costs to the California Department of Justice and the California Public Utilities Commission. Comcast will also pay approximately $8 million in additional restitution to customers whose numbers were improperly disclosed.

“Publishing personal information that should have been unlisted is unlawful and a troubling breach of privacy,” Attorney General Harris said. “This settlement provides meaningful relief to victims, brings greater transparency to Comcast’s privacy practices and sends a message that violations of consumers’ privacy will result in significant penalties.”

As part of the stipulated judgment filed today in Alameda Superior Court, Comcast has agreed to a permanent injunction that requires the company to improve how it handles customer complaints and to strengthen the restrictions it places on its vendors’ use of personal information about customers.  The injunction will require Comcast to provide a simple and easy-to-read disclosure form to all customers that explains the ways in which it uses unlisted phone numbers and other personal information. 

Comcast is in the process of refunding all fees paid for unlisted service by the roughly 75,000 customers whose information was improperly disclosed over a two-year period, which total over $2 million.  Under the settlement, Comcast will pay each of these customers $100 on top of the refund, totaling an additional $7.5 million.  The settlement also provides for further monetary relief to individuals who have identified personal safety concerns related to the disclosure of their personal information, such as law enforcement personnel and victims of domestic violence.

Comcast’s existing customers will receive their restitution payment as a credit on an upcoming telephone bill.  Former customers will have their restitution payments mailed to their last known mailing address in the next few months.  For questions about restitution administration, please contact Comcast at 1-855-290-6262.

This settlement is part of a global agreement that also resolves related administrative actions filed before the California Public Utilities Commission. The Utility Reform Network (TURN) and the Greenlining Institute participated in those proceedings as well as the settlement negotiations and have approved the settlement terms.

Copies of the complaint and stipulated judgment are attached to the online version of this release at www.oag.ca.gov/news.

SACRAMENTO -- Attorney General Kamala D. Harris today issued a statement applauding Governor Jerry Brown’s signature of Senate Bill 676 (Cannella, R-Ceres), which she sponsored.

“Cyber exploitation is an insidious crime that is used to humiliate, degrade, and financially exploit innocent people,” said Attorney General Harris. “SB 676 will restore dignity to victims by providing California law enforcement with a powerful tool to seize and destroy cyber exploitation images and prevent future distribution. I commend Senator Cannella for authoring this important legislation and thank Governor Brown for signing it into law.”

“As technology evolves, unfortunately, so does the rate of cyber-crimes such as cyber exploitation,” said Senator Cannella. “I appreciate the work of Attorney General Harris in prosecuting those who commit these crimes and am glad that Governor Brown signed SB 676 into law to provide stronger protection to victims."

In April, Attorney General Harris announced an 18-year sentence for cyber exploitation operator Kevin Bollaert. This case was the first successful prosecution in the country of an operator of a cyber exploitation website. Bollaert operated ugotposted.com, which allowed the anonymous, public posting of private photographs containing nude and explicit images of individuals without their permission.

In addition to SB 676, Attorney General Harris is also sponsoring AB 1310 (Gatto, D-Glendale), which would allow search warrants to be issued for crimes related to cyber exploitation and allow for the prosecution of cyber exploitation cases in the county where the victim resides or in the county where the images were posted.

Attorney General Harris has convened a working group of 50 major technology companies, victim advocates, and legislative and law enforcement leaders to fight cyber exploitation through a public-private partnership. Specifically, the Attorney General’s working group on cyber exploitation is focused on four key areas: developing an industry statement of principles, education and prevention, law enforcement training and collaboration, and legislation and advocacy. The working group includes major tech companies such as Microsoft, Twitter, Google, Facebook, and Instagram.

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes, and other crimes involving the use of technology.

LOS ANGELES — Attorney General Kamala D. Harris today issued a consumer alert in response to the reported breach of UCLA Health, which has impacted up to 4.5 million people. The reported breach compromised the personally identifiable information and medical records of patients and providers at UCLA Health.

Individuals who believe they may have been impacted can contact UCLA Health at 877-534-5972 or visit http://www.myidcare.com/uclaprotection for more information and options to sign up for free services offered by UCLA.

This breach may pose a risk of sensitive information being compromised, including social security numbers (SSNs), separate health insurance IDs, diagnosis and treatment records, and payment information. Both SSNs and health insurance IDs create the potential for medical identity theft, which is the use of someone’s identity to obtain medical services or products or for financial gain. Medical identity theft can affect both the victim’s finances and medical records. Potentially impacted individuals should closely watch the Explanation of Benefits statements they receive from their health insurer. If the statement includes a service or product you did not receive, contact the insurer and ask for details. For more information, see First Aid for Medical Identity Theft: Tips for Consumers by clicking here. These Tips are also available in Spanish.

The Attorney General’s Breach Help: Tips for Consumers has simple instructions for consumers who have been affected by a breach and includes what to do in response to a Social Security number breach. Breach Help is also available in Spanish.

Steps for Responding to Social Security Number Breach: 

1. PLACE A FRAUD ALERT.

Contact the three major credit bureaus and place a 90 day “fraud alert.” This helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets an “alert” that there may be fraud on the account.

Experian       1-888-397-3742

Equifax         1-800-525-6285

TransUnion  1-800-680-7289

You will reach an automated telephone system. You will also be sent instructions on how to get a free copy of your report from each of the credit bureaus. Order the reports.  

2. REVIEW YOUR CREDIT REPORTS.

Look through each one carefully. Look for accounts you do not recognize, especially accounts opened since December 2014, when the Anthem breach occurred. Follow the instructions in the report for disputing any questionable information.

3. CONSIDER A SECURITY FREEZE.

Placing a security freeze on your credit files offers longer-term protection. For information on how to do this, see “How to Freeze Your Credit Files” at www.oag.ca.gov/privacy/info-sheets

4. BE WARY OF PHISHING ATTEMPTS.

If you get an email or call from someone claiming to be from Anthem and asking for your personal information, do not provide it. Scammers often take advantage of breaches by offering to help and actually seeking to steal your information. Check with Anthem through the phone number you usually use or one from the phone book, if you want to confirm that such a contact is legitimate.

More consumer information from the Attorney General:

First Aid for Medical Identity Theft: Tips for Consumers
https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis_16_med_id_theft.pdf

En Español: Primeros auxilios para el robo de identidad médica: Consejos para los consumidores
http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis_16_med_id_theft_sp.pdf

Breach Help: Tips for Consumers
www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-17-breach-help.pdf?

En Español:  Ayuda en caso de robo de datos confidenciales
www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/sp-cis-17-breach-help.pdf?

How to Order Your Free Credit Reports
www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_11_free_annual_doj...

En Español:  Cómo encargar sus informes de crédito gratuitos
www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis11spanish.pdf?

How to "Freeze" Your Credit Files
www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_10_credit_freeze_d...

Identity Theft Victim Checklist
http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_3_victim_checkl...

En Español: Lo que deben hacer las víctimas de robo de identidad

Top 10 Tips for Identity Theft Protection
www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_1_top_10tips_doj.pdf?

En Español:  Los 10 consejos para protegerse contra el robo de identidad 
www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_1_top_10tips_doj_s...