Privacy & Identity Theft

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced a settlement with one of California’s largest health insurers over allegations the company failed to protect the personal information of its members.

The lawsuit, which was filed in Los Angeles Superior Court today along with the settlement, alleges that Blue Cross of California, which does business under the trade name Anthem Blue Cross, printed Social Security numbers on letters mailed to more than 33,000 of its Medicare Supplement and Medicare Part D subscribers between April 2011 and March 2012. The complaint states that Anthem’s conduct violated a state law that restricts the disclosure of Social Security numbers.

"Our office is committed to protecting the privacy of Californians," said Attorney General Harris. "This settlement requires the company to make significant improvements to its data security procedures to ensure this type of error does not happen again."

After the incident, Anthem sent a letter to all affected members whose Social Security numbers were visible through the mailed envelope, notifying them of the breach and offering each a year of free credit monitoring services.

The settlement also requires Anthem to implement new technical safeguards for its data management system, restrict employee access to members’ Social Security numbers and provide enhanced data security training for all of its associates.

The company must also pay $150,000 to settle the claim. The complaint and settlement reflect Attorney General Harris’ continued efforts to protect Californians’ privacy particularly where thousands of consumers can have their personal information released with a mere push of a button.

Copies of the complaint and judgment submitted to the court for approval are attached to the online version of this release at www.oag.ca.gov.

SACRAMENTO – Attorney General Kamala D. Harris today announced the creation of the Privacy Enforcement and Protection Unit in the Department of Justice which will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws.

“In the 21st Century, we share and store our most sensitive personal information on phones, computers and even the cloud. It is imperative that consumers are empowered to understand how these innovations use personal information so that we can all make informed choices about what information we want to share,” said Attorney General Harris. “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.”

The California Constitution guarantees all people the inalienable right to privacy. The Privacy Unit will protect this constitutionally-guaranteed right by prosecuting violations of California and federal privacy laws. The Privacy Unit centralizes existing Justice Department efforts to protect privacy, including enforcing privacy laws, educating consumers and forging partnerships with industry and innovators.

The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights.   

The Privacy Unit will reside in the eCrime Unit and will be staffed by Department of Justice employees, including six prosecutors who will concentrate on privacy enforcement. Joanne McNabb, formerly of the California Office of Privacy Protection, will serve as the Director of Privacy Education and Policy, and will oversee the Privacy Unit’s education and outreach efforts. 

Protecting the privacy of Californians is one of Attorney General Harris’s top priorities. The creation of the Privacy Enforcement and Protection Unit follows the forging of an industry agreement among the nation’s leading mobile and social application platforms to improve privacy protections for consumers around the globe who use apps on their smartphones, tablets, and other electronic devices. The platform companies who signed on to that agreement -- Amazon.com Inc., Apple Inc., Facebook, Google Inc., Hewlett-Packard Company, Microsoft Corporation and Research in Motion Limited -- agreed to privacy principles designed to bring the industry in line with California law requiring apps that collect personal information to post a privacy policy and to promote transparency in the privacy practices of apps. 

Attorney General Harris established the eCrime Unit in 2011 to prosecute identity theft, data intrusions, and crimes involving the use of technology. The eCrime Unit provides investigative and prosecutorial support to the five California regional high-tech task forces funded through the High Technology Theft Apprehension and Prosecution Trust Fund Program and provides coordination for out-of-state technology-crime investigation requests. The eCrime Unit also develops and provides training for law enforcement officers, prosecutors, the judiciary and the public on cyber safety and the importance of strong information-security practices.  

The February 2012 press release announcing the apps agreement can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-secures-global-agreement-strengthen-privacy

The June 2012 press release announcing that Facebook joined the apps agreement can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-expansion-california%E2%80%99s-consumer

The December 2011 press release announcing the creation of the eCrime Unit can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-creation-ecrime-unit-targeting

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced that Facebook has become the seventh company to sign the Joint Statement of Principles to strengthen privacy protections for consumers around the world who use online applications on their smartphones, tablets and other electronic devices. The agreement extends the reach of California’s privacy protections beyond mobile apps to include social apps in Facebook’s App Center, which are used daily by millions of consumers. Among other protections, the agreement seeks to improve compliance with California law requiring apps that collect personal information to have a privacy policy.

“Consumers deserve to be able to make informed choices about how much personal information they want to share with others when using social apps,” said Attorney General Harris. “We are delighted that Facebook has joined Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion to provide consumers with greater control and information about how their personal data is used.  We need to protect privacy while we foster innovation.”

In a letter to Attorney General Harris released today, Facebook wrote “…we hope that you will consider us a signatory to the Joint Statement.” Facebook joins an agreement that was first announced in February when Amazon.com Inc., Apple Inc., Google Inc., Hewlett-Packard Company, Microsoft Corporation, and Research in Motion Limited all signed on to a Joint Statement of Principles. 

In the letter, Facebook’s Chief Privacy Officer Erin M. Egan wrote, “As you know, the Joint Statement’s principles embodied essential protections for Californians and others who use mobile apps by encouraging companies that provide mobile app markets to give developers the ability to provide a link to their privacy policies and to display those links along with other app details….As we built the App Center, we were guided by the principles contained in the Joint Statement.”

Starting in 2011, Attorney General Harris worked with Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion to forge the Joint Statement to ensure that emerging online technologies such as mobile apps comply with California’s Online Privacy Protection Act (Simitian, 2004).  The Act requires operators of commercial web sites and online services, including mobile and social apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.  The posting of a privacy policy promotes transparency and provides consumers with more informed control over their personal information. Today’s agreement recognizes the Facebook App Center’s role as a clearinghouse for a variety of social apps.

A letter from the Attorney General’s Office to Facebook said, “California law requires all operators of commercial web sites and online services, including mobile and social apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.  We are very pleased that Facebook has incorporated the Principles into the design of the App Center and that Facebook requires, as a condition of participating in the App Center, that developers submit a link to a privacy policy.  We are also pleased to see that Facebook is prominently displaying the link to an app’s privacy policy in the App Center, and is implementing a means to report and remediate privacy issues.”

In addition to signing the Joint Statement, Facebook will participate in a multi-stakeholder Advisory Group on Mobile Privacy Practices that the Attorney General’s Office and the California Office of Privacy Protection have convened to develop best practices for mobile privacy generally and to develop model mobile privacy policies in particular.

Copies of both letters are attached to the electronic version of this release at: http://oag.ca.gov/news

The February 2012 press release announcing the apps agreement can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-secures-global-agreement-strengthen-privacy

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced the outcomes of two cases investigated by her office’s eCrime Unit in which defendants “skimmed” credit card information of Chase Bank customers across the state.

Both cases involved a type of crime frequently referred to as a “skimmer operation.” In both cases, the defendants, organized as “crews,” replaced the card readers at Chase Bank ATM vestibules with ones that allowed them to retrieve customers’ card information. Additionally, both crews installed micro cameras to capture the card holders’ PIN entry. With this information, they created bogus ATM access cards.

“Technology benefits consumers, but also opens them up to risks that law enforcement must respond to,” said Attorney General Harris. “ATM skimming cases like these are fast-growing, can lead to identity theft and significant financial losses.  I applaud the state and local collaboration that shut down these two criminal schemes.”

Gnel Snapyan, 35, was sentenced today in San Luis Obispo County Superior Court to 364 days in state prison and five years probation. His co-conspirator, Gervork Aroutiounyan, 48, was sentenced in March 2012 to three years and eight months in state prison. The men were ordered to pay restitution to Chase Bank.     

In a separate scam, Santiago Alcantar, 37, Genea Antoine, 39, and Anthony Garcia, 30, entered a plea of guilty today in San Luis Obispo County Superior Court to one count of conspiracy to commit grand theft, computer access fraud, identity theft, second degree burglary and forgery of access cards. They were charged in March with 14 counts of felony fraud.

Between July 2010 and February 2011, Snapyan fraudulently withdrew approximately $220,000 from the bank accounts of more than 300 victims in Santa Clara, Marin, Fresno, San Luis Obispo counties. 

The case was investigated by the San Luis Obispo County Police Department and the Attorney General’s eCrime Unit. In September 2011, the Attorney General’s office charged Snapyan and Aroutiounyan with 28 counts of felony fraud. On March 1, the defendants entered a plea of guilty to one count of conspiracy to commit grand theft, computer access fraud, identity theft, second degree burglary and forgery of access cards. Additionally, each pled guilty to three counts of second degree burglary.  

Between October 2010 and February 2011, Alcantar, Antoine, and Garcia ran their skimmer operation in Los Angeles, San Luis Obispo, San Bernardino and Ventura counties. The crew stole approximately $217,000 from more than 200 victims. 

Sentencing is scheduled for July 27, at which time Alcantar will be sentenced to four years in state prison; Antoine to two years in state prison and Garcia to a sentence that will not exceed one year and 4 months.

In both cases, Chase Bank has reimbursed customers for their losses.

The California Department of Justice eCrime Unit was created last year to identify and prosecute identity theft crimes, cyber crimes and other crimes involving the use of technology. 

Photos are attached to the online version of this release at  https://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-crackdown-atm-%E2%80%9Cskimming%E2%80%9D-and-identity .      

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced that Gervork Aroutiounyan, 48, was sentenced for an ATM identity theft scam that spanned seven counties.

Aroutiounyan and Gnel Snapyan, 35, were charged for “skimming” debit card information of Chase Bank customers and stealing $320,728. The Department of Justice eCrime Unit was able to charge the entirety of the scheme across seven counties, including the counties of Santa Clara, Marin, Fresno, San Bernardino, San Diego and Los Angeles.

Aroutiounyan was sentenced today in San Luis Obispo County Superior Court to three years and eight months in state prison, and ordered to pay restitution to Chase Bank of $320,728. The sentencing of Snapyan was delayed until June 15.

“These criminals stole not just money, but people’s identity,” said Attorney General Harris. “While modern technology provides many advantages, it is also increasingly being used by criminals, which is why I created the eCrime unit within the Department of Justice.”

In September 2011, the Attorney General’s office charged the defendants with 28 counts of felony fraud. On March 1, the defendants entered a plea of guilty to one count of conspiracy to commit grand theft, computer access fraud, identity theft, second degree burglary and forgery of access cards. Additionally, each plead guilty to three counts of second degree burglary.

Between July 2010 and February 2011, Aroutiounyan and his co-conspirator replaced the card readers at Chase Bank ATM vestibules. The readers they installed allowed them to retrieve the card information of customers using the ATM. Additionally, the crew installed micro cameras to capture the card holders’ PIN entry. With both the card information and the PIN information, they created bogus ATM access cards. These cards were used to fraudulently withdraw $320,728. This type of crime is frequently referred to as a “skimmer operation.”

Chase Bank has reimbursed customers for their losses. The case was investigated by the San Luis Obispo County Police Department.

The California Department of Justice eCrime unit was created last year to identify and prosecute identity theft crimes, cyber crimes and other crimes involving the use of technology.

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced that three of the nation’s leading online dating providers have issued a joint statement of business principles that online dating providers should follow to help protect members from identity theft, financial scams and sexual predators.

The agreement between the Attorney General and online dating providers eHarmony, Match.com and Spark Networks (operator of such websites as JDate and ChristianMingle), states that the companies will protect their members through the use of online safety tools, including checking subscribers against national sex offender registries and by providing a rapid abuse reporting system for members.

The websites will also continue to proactively educate members about safe online dating practices, and will supply members with online safety tips, including fraud prevention guidance and tips for safely meeting people offline. These tips and financial scam warnings will be issued on an ongoing basis to registered members.

“I commend these companies for committing to these important consumer protections,” said Attorney General Harris. “Consumers should be able to use websites without the fear of being scammed or targeted. It is a priority for this office to ensure consumers are protected online, and companies who are creating in the Internet space have a continued opportunity to innovate and thrive.”

Providers will continue their efforts to screen members for safety threats, whether financial or physical, using a number of protective tools, including looking for fake profiles and checking sex offender registries to prevent registered sex offenders from using their fee-based services. Any member who is identified as a registered sex offender will not be allowed to use these services.

This joint statement also ensures that the online dating service providers have rapid abuse reporting systems, which give members access to a website, email address and/or phone number to report any suspected criminal activity, including physical safety concerns and fraud. This agreement reflects best practices that these industry leaders are following.

“In the interest of protecting and educating users, I strongly encourage all online dating companies to adopt the same principles as these industry leaders,” Attorney General Harris said.

Last year, Attorney General Harris established an eCrime Unit to prosecute identity theft, data intrusions and crimes involving the use of technology. Attorney General Harris will assign a liaison from the eCrime Unit to deal with reports of suspected criminal activity provided by the three online dating providers and other providers who adopt these principles.

In 2011, 40 million Americans used an online dating service and spent more than $1 billion on online dating website memberships. Of couples married in the last three years, one in six met through an online dating service and one in five people have dated someone they met through an online dating site.

“eHarmony has the greatest concern for the safety and security of our members. These types of practices have been part of our commitment to member safety and education for many years.” said eHarmony CEO Jeremy Verba. “We are proud to join Attorney General Harris, Match.com and Spark Networks in setting an example for the rest of the online dating industry.”

“We commend Attorney General Harris for working with us to communicate best practices for a safe and enjoyable online dating environment,” said Match.com President Mandy Ginsberg. “We have always been committed to setting the standard for positive consumer experiences in online dating, and we were happy to work with the Attorney General, eHarmony and Spark Networks to encourage best practices throughout the industry.”

“The safety of our members and integrity of our sites is of fundamental importance to us, and we have always taken a multi-faceted approach to creating and maintaining safe online communities like JDate and ChristianMingle,” said Greg Liberman, President and CEO of Spark Networks. “We are honored Attorney General Harris has recognized our efforts to date and look forward to our continuing collaboration with the Attorney General, eHarmony, and Match.com to protect the safety and privacy of online daters and encourage others in the industry to follow our examples.”

A copy of the agreement is attached to the online version of this release at www.oag.ca.gov.

###

About the Companies:

About eHarmony, Inc.

Santa Monica, Calif.-based eHarmony, Inc. (www.eharmony.com) was founded in 2000 and is a pioneer in using relationship science to match singles seeking long-term relationships. Its service presents users with compatible matches based on key dimensions of personality that are scientifically proven to predict highly successful long-term relationships. On average, 542 people marry every day in the U.S. as a result of being matched on eHarmony, nearly 5% of new marriages.* Currently, eHarmony operates online matchmaking services in the United States, Canada, United Kingdom, Australia and Brazil, and through its affiliation with eDarling, in 11 countries throughout continental Europe.

* 2009 survey conducted for eHarmony by Harris Interactive.®

About Match.com

Founded in 1995, Match.com was the original dating website and pioneer of the online dating industry. Throughout its sixteen year history, Match.com has been responsible for more dates, relationships and marriages than any other website. Today, Match.com operates leading subscription-based online dating sites in 25 countries, 8 languages and across five continents. Match.com is an operating business of IAC and is headquartered in Dallas, Texas. For more information, visit www.match.com.

About Spark Networks, Inc.

Spark Networks, Inc. (www.Spark.net) is one of the world’s leading providers of online personals services. Spark Networks’ shares trade on the NYSE Amex under the symbol “LOV” (NYSE Amex: LOV). The Spark Networks portfolio of consumer websites includes, among others, JDate.com (www.JDate.com), ChristianMingle.com (www.ChristianMingle.com), BlackSingles.com® (www.BlackSingles.com) and SilverSingles®.com (www.SilverSingles.com).

SAN FRANCISCO – Attorney General Kamala D. Harris today announced an agreement committing the leading operators of mobile application platforms to improve privacy protections for millions of consumers around the globe who access the Internet through applications (“apps”) on their smartphones, tablets and other mobile devices.

Attorney General Harris forged the agreement with six companies whose platforms comprise the majority of the mobile apps market: Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion. These platforms have agreed to privacy principles designed to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. The majority of mobile apps sold today do not contain a privacy policy.

“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” said Attorney General Harris.

“This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps,” Attorney General Harris continued. “By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used.”

Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use and share personal information. The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.

This agreement will allow consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and will offer consumers a consistent location for an app’s privacy policy on the application-download screen. If developers do not comply with their stated privacy policies, they can be prosecuted under California’s Unfair Competition Law and/or False Advertising Law.

The agreement further commits the platforms to educate developers about their obligations to respect consumer privacy and to disclose to consumers what private information they collect, how they use the information, and with whom they share it. The platforms will also work to improve compliance with privacy laws by giving users tools to report non-compliant apps and committing companies to implement processes to respond to these reports.

In six months, Attorney General Harris will convene the mobile application platforms to assess privacy in the mobile space.

There are more than 50,000 individual developers who have created the mobile apps currently available for download on the leading platforms. There are nearly 600,000 applications for sale in the Apple App Store alone, and another 400,000 for sale in Google’s Android Market. These apps have been downloaded more than 35 billion times.

These figures are expected to grow. An estimated 98 billion mobile applications will be downloaded by 2015, and the $6.8 billion market for mobile applications is expected to grow to $25 billion within four years.

The rapid growth and expansion in the mobile market exposes consumers to a wide variety of privacy invasions. Smartphones are often on and tethered to their user, transmitting rich data to the app developers. Users of mobile devices are vulnerable to privacy intrusion and abuse by numerous entities, app developers, analytic services and advertising networks. These entities could have access to sensitive information, including a user’s location, contacts, identity, messages and photos. Without a privacy policy, what companies do with the personal data they collect is largely invisible to consumers.

It is estimated that a majority of the mobile apps currently available for download through the platforms do not include even the most basic privacy protection: a privacy policy setting forth how personal data is collected, used and shared. One recent study found that only 5 percent of all mobile apps have a privacy policy.

A recent report by the Federal Trade Commission (FTC), Mobile Apps are Disappointing, evaluated the lack of privacy information available to parents before downloading mobile apps for their children. The FTC report recommended that mobile apps platforms do more to help parents and kids by providing a consistent means for app developers to display information about their privacy practices. The FTC specifically recommended that the platforms provide a designated space for developers to disclose their information in the app stores and markets and that the platforms improve enforcement of requirements for app developers to disclose the private data they collect.

Attorney General Harris, in August, 2011, convened Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion as the most direct way to improve compliance with California law requiring that mobile apps have privacy policies. The platforms have committed to these principles today and are now working to implement them.

“California has a unique commitment to protecting the privacy of our residents. Our constitution directly guarantees a right to privacy, and we will defend it,” added Attorney General Harris. “Forging this common statement of mobile privacy principles shows the power of collaboration -- among government, industry and consumers -- to create solutions to problems no one group can tackle alone.”

Last year, Attorney General Harris also established an eCrime Unit to prosecute identity theft, data intrusions, and crimes involving the use of technology.

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced that Morgan Hicks was sentenced to 22 years in state prison for identity theft and breaking into more than 20 homes in Santa Cruz, Monterey and San Benito counties, often using a shovel.

Hicks pled guilty to 4 counts of residential burglary, 15 counts of receiving stolen property, 2 counts of identity theft and one count of grand theft auto on January 18th in the Monterey County Superior Court. He was sentenced on Friday.

Using a shovel to pry open doors, Hicks broke into over 20 homes in Santa Cruz, Monterey and San Benito counties between June and September 2007. Among the items he stole were jewelry, credit cards, a loaded firearm, and in one instance a 2006 Toyota Solara. Hicks used the credit cards to rent motel rooms and buy food and other items at convenience stores.

Hicks was arrested in September 2007 and held for two years on a parole violation stemming from a 2004 conviction for possessing stolen property. He was later charged with 60 counts related to the multiple burglaries.

The investigation was conducted by the Monterey and Santa Cruz County Sheriff Departments.

SAN JOSE -- Attorney General Kamala D. Harris today announced the creation of the eCrime Unit, staffed with Department of Justice attorneys and investigators, and charged with identifying and prosecuting identity theft crimes, cyber crimes and other crimes involving the use of technology.

“Today’s criminals increasingly use the Internet, smartphones, and other digital devices to victimize people online and offline,” said Attorney General Harris. “I am creating the eCrime Unit so that California can be a leader in using innovative law enforcement techniques to target these criminals. The eCrime Unit will be comprised of investigators and prosecutors charged with working across jurisdictions and leading task forces to protect California consumers and businesses.”

The eCrime Unit investigates and prosecutes crimes that include a substantial technology component. Examples and descriptions of the kinds of crimes that the unit will prosecute are:

• Identity theft – The Internet provides new ways for criminals to steal personal information and identities whether through email phishing scams or trolling the Internet for personal information about others.
• Fraud committed using the Internet – This includes scams perpetrated via email and on Internet auction websites.
• Theft of computer components or services – Burglary and robbery of computers or other electronic devices by highly-organized gangs at manufacturing sites, storage facilities and retail stores.
• Intellectual property crimes, such as counterfeiting or piracy – Large numbers of websites and online networks exist solely for the unauthorized distribution of copyrighted material, such as movies, music and software.
• Child exploitation – Disrupting online child pornography networks and those who commit sex crimes against children using the Internet or social media.

Many of these crimes are multi-jurisdictional and are better suited for prosecution on a statewide level. The eCrime Unit, which began operations in August, consists of 20 attorneys and investigators, many of whom have spent years working on complex technology crimes.

Technology crimes affect consumers, businesses and the state government’s operations. California had 10 of the top 25 metropolitan areas for identity-theft related consumer complaints in 2010. According to the Federal Trade Commission, California has the most identity theft complaints of any state and third highest per capita. In fact, every year, more than 1 million Californians are victims of identity theft. Total losses throughout the state exceeded $46 million last year.

“Every year, California loses millions of dollars because the intellectual capital of our state is being hijacked by criminal elements,” said Assemblywoman Nora Campos, D-San Jose. “The addition of the eCrime Unit to California’s fight against technology crimes sends a clear message that we are determined to root out this type of illegal activity.”

The eCrime Unit will also provide investigative and prosecutorial support to the five California regional high-tech task forces funded through the High Technology Theft Apprehension and Prosecution Trust Fund Program and provide coordination for out-of-state technology-crime investigation requests. The eCrime Unit also will develop and provide training for law enforcement officers, prosecutors, the judiciary, and the public on cyber safety and the importance of strong information-security practices.

“As the importance of the Internet to our economy has grown, criminals have moved online to steal valuable information and goods from individuals and businesses,” said Santa Clara District Attorney Jeffrey Rosen. “In the 21st Century, law enforcement will be increasingly combating online criminal activity. The Attorney General's eCrime Unit will provide much needed resources and expertise to thwart and prosecute online criminals who cause billions of dollars in damage every year.”

Attorney General Harris outlined several cases that exemplify the work of the eCrime Unit. In July, George Bronk, a Sacramento-area man was sentenced to more than four years in state prison after hacking into email addresses and Facebook accounts of victims by finding answers to email security questions. He found indecent pictures and video and then blackmailed the victims. The victims in this case were located in at least 17 states and United Kingdom. More information on the case can be found http://www.oag.ca.gov/news/press_release?id=2541&y=&m=6

Attorney General Harris also announced the filing of five felony charges against Chen Zhang on December 8, 2011, in San Joaquin Superior Court. Zhang is being charged with possession of unauthorized and counterfeit jewelry from five different companies. Investigators for the Attorney General’s Office seized an estimated $1.5 million of counterfeit goods from her residence in Tracy, California on November, 3, 2011. A copy of the complaint, and photographs of the counterfeit jewelry, are attached to the electronic version of this press release.

In another case, defendants allegedly ran an identity theft scam at ATM vestibules across seven counties. They allegedly used a card reader to capture victims’ card numbers and a hidden camera to capture the PIN numbers. Total losses are estimated to be $2 million. The case (California v. Aroutiounyan) originated in San Luis Obispo County, but the Department of Justice eCrime Unit was able to investigate and charge the entirety of the scheme across all seven counties.

The Attorney General also announced the launch of a new web site devoted to cyber safety, which can be found at http://oag.ca.gov/cybersafety. The website contains information about online child safety, identity theft prevention tips and help for victims.

SAN FRANCISCO -- Attorney General Kamala D. Harris today issued a consumer alert with tips on how Californians can protect their personal information from identity theft when shopping online during this holiday season.

1. Consider investing in antivirus and anti-spyware software. If you already have antivirus software, be sure to download the latest security updates, as there are new viruses and malicious programs every day.

2. Use a credit card instead of a debit card. A stolen debit card gives an identity thief a direct line to your bank account, whereas credit cards offer added protection from fraudulent transactions. To be safe, don’t store your credit card numbers online, and review your credit card bills monthly for unauthorized charges.

3. Make purchases through websites that offer secure connections. When shopping online, choose websites or e-merchants that offer heightened SSL (Secure Socket Layer) security to protect your personal information. Before inputting your phone or credit card number, check your browser’s status bar for an unbroken “padlock” icon, which indicates the site uses SSL. Also, because most email accounts are not secure, it’s best not to send payment information in an email.

4. Watch what you post online. The Internet has made it easy to store and share information, but we should be careful when sharing personal information online. Avoid posting addresses and phone numbers on social networking sites, or storing credit card information and passwords in your email account.

5. Strengthen all your passwords and PINs. With so many passwords and personal identification numbers to remember these days, it’s tempting to use a birthday, child’s name, consecutive numbers, or other predictable passwords or PINs. Use a combination of numbers, letters, and symbols to protect your shopping and email accounts with the strongest possible passwords.

6. Talk to your kids about the dangers of online shopping. Children are often so comfortable and confident online they don’t think they need to take special precautions. And identity thieves know this; kids are among their prime targets. Supervise your kids’ online shopping and talk to them about keeping their information secure.

7. Shop at trusted websites. Everyone wants to find the best deals when shopping online, but be cautious when using unfamiliar websites. When shopping at a site that is new or unfamiliar, review customer reviews and Better Business Bureau listings to check the site’s legitimacy.

8. Be wary of fake online stores. Many online scammers steal personal information by redirecting shoppers to fake web pages that look like the checkout pages of legitimate shopping sites. To avoid these traps, be careful what links you click. Set your browser to block pop-up windows, and make sure you type in the store’s web address into your browser window instead of clicking links from email or other websites.

9. Guard your Social Security number. There’s no reason for an online shopping site to request your Social Security number to make a routine purchase.

For more information about identity theft, visit: http://ag.ca.gov/idtheft/index.php.