Privacy & Identity Theft

SAN FRANCISCO --- Attorney General Kamala D. Harris announced today that a Vallejo man has entered into a plea for a four-year prison sentence for participating in an identity theft ring that defraud at least 29 victims in the Bay Area of at least $180,000.

Nick Luu, 30, of Vallejo, pled guilty in San Francisco Superior Court on August 24, 2011 to three counts of identity theft and admitted to participating in a conspiracy with five other defendants.

“Identity theft is one of the fastest growing and most insidious crimes in our technology-driven world,” Attorney General Kamala Harris said. “These criminals cost people their reputation, time and money. There must be accountability and consequences.”

From June 2009 to December 2009, Luu and five other conspirators stole personal information from various sources, including client records at a San Jose law office and Santa Clara dental office where Luu and another defendant worked.

The defendants used the information they stole to make false drivers licenses and file false change-of-address forms to divert the victims’ mail to Post Office boxes that the conspirators opened.

The conspirators then used the false driver’s licenses to open up credit accounts and buy luxury products including flat-screen TVs, Gucci watches, high-end clothing and jewelry. The defendants would often return the products for money.

Luu was one of two main defendants in the multi-defendant, 47-count complaint. Luu will be sentenced on January 5, 2012.

Luu’s three other co-defendants, Chev Chan, Matthew Medlin and Daniel Lee Lesly, have already pled. Chev Chan is due in court for pretrial on September 21.

The US Postal Inspectors Service was the law enforcement agency responsible for investigating the case with support from the California Department of Justice.

SACRAMENTO -- Attorney General Kamala D. Harris announced today that George Samuel Bronk, 23, of Citrus Heights, was sentenced on Friday to more than four years in state prison for stalking women on the social networking site Facebook.

Bronk plead guilty in Sacramento Superior Court to seven felonies, including computer intrusion, false impersonation and possession of child pornography. Bronk received four years, eight months in state prison and will have to register as a sex offender.

"For all of the conveniences the Internet offers, it has also opened a new frontier for crime. Cyber-predators, like Mr. Bronk, must be held accountable for their criminal activities,' Attorney General Harris said. 'Let this be an example for all those who will stoop to steal other people's identities.'

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim's e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Superior Court Judge Lawrence Brown rejected a defense request for probation and sentenced Bronk to state prison. Judge Brown sentenced Bronk to four years in state prison for the crimes of computer intrusion and false impersonation and then added an additional consecutive term of eight months for Bronk's possession of child pornography.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General's assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

SACRAMENTO – A Citrus Heights computer hacker pleaded guilty to seven felony charges for breaking into hundreds of women’s e-mail accounts, the sort of identity theft crime that Californians should take steps to protect themselves against, according to Attorney General Kamala D. Harris.

“This case highlights the fact that anyone with an e-mail account is vulnerable to identity theft,” Attorney General Harris said. “One of the major goals of my office is to track down and prosecute every criminal who would stoop to stealing people’s identities.”

George Samuel Bronk, 23, of Citrus Heights, faces six years in state prison after entering guilty pleas today in Sacramento Superior Court to seven felonies including computer intrusion, false impersonation and possession of child pornography. Bronk will have to register as a sex offender. He will return to court on March 10 for further proceedings relating to his sentence.

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk targeted his victims by scanning Facebook for women who also posted their e-mail addresses there. He then contacted the woman’s e-mail service, pretending he was the legitimate customer, and claimed to have forgotten the password. Bronk was able to correctly answer security questions posed by the e-mail service by finding the answers on victims’ Facebook pages.

Some of the security questions posed by e-mail providers included, “What is your high school mascot?” “What is your father’s middle name?” “What is your favorite food?” and “What is your favorite color?”

Once Bronk gained access to the e-mail account, he changed the password and the victim was locked out.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim’s e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Bronk messaged one victim that he had taken over her e-mail account “because it was funny.” In an online chat session with another victim using the name “xogreeneyesx3,” Bronk demanded the victim send him more explicit photographs or he would post the photographs he already had more widely. The victim complied.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General’s assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights’ home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

Bronk was arrested in October and has been held since then on $500,000 bail.

Attorney General Harris reminded users of e-mail and social networking sites that security questions and answers need to be as secure as passwords. There are steps people can take to avoid being victimized by “security question” hacks. These steps include:

•Pick security questions and answers that do not involve any personal information that is available from social networking sites or any other sites.

•Try to switch the security questions you choose for password protection on e-mail services and social networks.

•Add numbers or special characters to your security answers. For example, the question 'What was the name of your High School' could be answered “Middle02High@School.”

Joining the Attorney General’s office in this investigation were the Sacramento Valley Hi-Tech Crimes Task Force, the CHP, and the Connecticut State Police. The Attorney General’s office prosecuted the case.

For more information about identity theft, please see http://ag.ca.gov/idtheft/.

The arrest warrant and complaint are attached at the Attorney General’s website www.ag.ca.gov.

SAN FRANCISCO—Attorney General Edmund G. Brown Jr. said six individuals arraigned today on identity theft charges “wreaked financial and emotional havoc” on victims by making tens of thousands of dollars in fraudulent charges in their names. The defendants face multiple felony counts of identity theft, conspiracy, possession of stolen property, and grand theft.

The identity theft ring was able to steal 20 identities and over $170,000 worth of cash, expensive clothing, jewelry and accessories. They bought flat screen TVs, a Gucci watch and $31,000 worth of merchandise from Neiman-Marcus. Members of the ring raised cash by returning items bought using fake identities.

“This criminal identity theft ring wreaked financial and emotional havoc on the victims, who will now endure hours of work fixing their credit and rebuilding their lives,” Brown said. “It’s important to keep these fraud rings from ripping off other victims.”

The six defendants face charges of violating California Penal Code section 182 for conspiring to commit identity theft, section 484 for theft, section 530.5 for identity theft, and section 496 for possession of stolen property. Possible sentences for each defendant range from a minimum of four years to a maximum of 27 years and four months.

The individuals facing charges today include:
• Matthew Medlin, 31, of Campbell.
• Jessica Campos, 30, of Santa Clara, also faces charges of violating California Penal Code section 502(c) for using dental office clients’ personal information.
• Chev Chan, 31, of San Jose, also faces charges of violating California Penal Code section 496 for receiving stolen property.
• Quang Le, 32, of Santa Clara. Le also faces charges of violating California Penal Code section 487 for grand theft.
• Daniel Lee Lesly, 31, of Los Altos. Lesly also faces charges of violating California Penal Code section 487 for grand theft.
• Nick Phuong Luu, 29, of Vallejo. Luu also faces charges of violating California Penal Code section 487 for grand theft, and section 496 for receiving stolen property.

In late 2009, Brown’s office was notified by the U.S. Postal Inspection Service that several individuals reported their social security numbers had been illegally used to apply for credit cards. The credit card information was sent to a San Jose residence later discovered to be the home of Chev Chan.

The subsequent investigation revealed that between June and December of 2009, the defendants, along with other unnamed suspects, engaged in an identity theft spree throughout the Bay Area. The ring’s leaders, Nick Luu and Chev Chan, used several San Jose, Santa Clara, Sunnyvale, and Campbell addresses to divert the victims’ mail. Luu and Chan also had victims’ mail sent through false change-of-address forms and opened five Post Office boxes in San Jose.

Most of the victims’ identities were stolen from clients at a San Jose law office and Santa Clara dental office where two of the defendants worked.

During a search of Nick Luu’s residence, Brown’s office found 10 dental claim forms that contained patients’ names, addresses, dates of birth and social security numbers. The forms were given to Luu by Jessica Campos, an employee of the Santa Clara dental office, to use to manufacture fake identities. Campos was told by leaders in the ring to obtain current employers and addresses of Asian males who were about the same ages as the conspirators. As a result of Campos’ involvement, three dental office patients had their personal information used to make fraudulent purchases.

Chev Chan, used stolen identities to open Discover, Bank of America, and Chase credit cards while he worked at the San Jose law office. Chan used his work computer to change account addresses and open fraudulent credit card accounts under two victims’ names. Chan also used his employment address to receive mail and open two Post Office boxes under the victims’ names.

One of the defendants, Quang Le, was seen on video surveillance at Zales Jewelers in Eastridge Mall making a fraudulent purchase of $4,400. Le also racked up over $31,000 in fraudulent charges at Neiman-Marcus.

The fraud ring also opened fraudulent bank accounts and wrote dozens of checks. Daniel Lesly wrote 15 non-sufficient-funds checks totaling almost $2,000 from an account he fraudulently opened at Bank of America. The checks were written from the account to Target and Lucky’s. Lesly also returned a Gucci watch, previously purchased using a fake identity, and took over $2,000 in cash for the exchange.

To enable him to use the credit cards, defendant Mark Medlin used the victims’ identities to open credit lines and manufacture fake California driver’s licenses. These fraudulent driver’s licenses were used by Nick Luu, Chev Chan, and Quang Le.

Additional items purchased with the stolen identities include:
• A watch worth $8,150 from Ben Bridge Jewelers
• Merchandise worth $6,402 from Nordstrom
• A 55” flat screen television worth $3,277 from Sears online
• A 40” flat screen television worth $1,509 from Sears online
• Comforters and bedding worth $725 from Macy’s
• A Movado watch worth $1,281 from Kay’s Jewelers
• A Tag Heuer watch worth $4,485 from Macy’s
• Jewelry worth $8,150 from Ben Bridge Jewelers

A copy of the complaint available upon request.

San Diego—Attorney General Edmund G. Brown Jr. today joined the Federal Trade Commission (FTC) and 34 other attorneys general to announce a settlement against LifeLock, Inc. that prevents the company from “misrepresenting and overstating” the identity theft protection services it offers to consumers.

“LifeLock sold Californians a false sense of security against identity theft with advertisements that were chock full of inflated claims and promises,” Brown said. “Today’s settlement prevents the company from misrepresenting and overstating its services and reimburses LifeLock subscribers who were misled.”

Last year, Brown joined the FTC and numerous attorneys general to jointly investigate LifeLock’s business practices. The investigation followed a number of misleading advertisements from the company that included a testimonial from the CEO in which he gave out his social security number to demonstrate his confidence in LifeLock’s services.

Brown’s complaint contends that LifeLock falsely led customers to believe that they would be protected against all forms of identity theft, reimbursed directly for losses tied to identity theft and telephoned prior to any new credit being issued under their name. None of these claims were accurate.

LifeLock advertisements also implied that any fraudulently obtained personal information would be removed from criminal websites, when in fact the company only notified consumers when their information had been compromised.

Today’s settlement prevents LifeLock from misrepresenting that its services:

• Provide complete protection against all forms of identity theft;
• Constantly monitor activity on each of its customers’ consumer reports;
• Prevent unauthorized changes to customers’ address information; and
• Ensure that a customer always receives a phone call from a potential creditor before a new credit account is opened in the customer’s name.

LifeLock also agreed to pay $11 million in restitution to its subscribers and $1 million to cover the costs of the states’ investigation. Brown’s office and the FTC will jointly send letters over the next two weeks to customers in California that subscribed to LifeLock between April 1, 2005 and March 30, 2009, notifying them of the agreement and how they can opt-in to the settlement. LifeLock typically charged consumers $10 a month to subscribe to its identity theft protection services.

Under the terms of the agreement, LifeLock must also stop overstating the risk of identity theft to consumers. In the past, LifeLock sent direct mailers to individual consumers that featured warnings such as, “You’re receiving this because you may be at risk of identity theft,” without knowledge or facts to substantiate these claims.

A number of the services offered by LifeLock are available free-of-charge to consumers including, placing a fraud alert on a credit record and requesting an annual credit report to review credit history and identify errors and inaccuracies. Both services can be completed by contacting one of the three major credit reporting agencies. Consumers are also best-positioned to monitor their own bank accounts and credit card statements for unauthorized withdrawals or charges.

Other states participating in today’s agreement include: Alaska, Arizona, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington and West Virginia.

The complaint and judgment, which will be filed concurrently today in San Diego County Superior Court, are attached.

Oakland- After a “massive breach” jeopardized the personal information of 50 million consumers, Attorney General Edmund G. Brown Jr. today joined 40 other states in requiring TJX--the parent company of TJ Maxx, Marshall’s, HomeGoods, and A.J. Wright-- to bolster the security of its databases.

“TJX ignored flaws in its credit card database, until hackers broke into it, gaining access to the personal information of almost 50 million people,” Brown said. “This agreement requires the company to carefully test its security systems and upgrade them to the highest contemporary standards.”

In January 2007, TJX announced that hackers had gained access to portions of its computer databases, which stored credit and debit card numbers, social security numbers and personal information of over 50 million customers.

Subsequently, 41 state attorneys general launched an investigation into how the hackers gained access and if the company did enough to protect its customers.

The investigation found that TJX failed to address the security flaws identified in a 2004 internal audit. This audit found major vulnerabilities connected to using firewalls, encrypting cardholder data, updating anti-virus software and regularly testing security systems. Just one year later, hackers from several different countries exploited the same vulnerabilities the audit identified.

The hackers accessed the company’s databases, connected to unsecured wireless networks, on two separate occasions. The first breach occurred in 2005 when hackers accessed TJX’s main server in Framingham, Mass. They targeted unencrypted and unprotected data such as: names, addresses, social security numbers, military ID numbers, and driver’s license numbers. The hackers obtained 94 million unique credit/debit card numbers.

The second breach occurred in 2006 in which the hackers installed an Open Virtual Private Network (Open VPN) on the main server. Using this connection, the intruders were able to capture card data such as: account numbers, cardholder names, credit card expiration dates, and PIN numbers. The hackers were able to intercept the data as it was being transmitted from banks to the 1,774 retail stores where customers were making purchases. The company estimates tens of millions of credit card transactions were intercepted.

These consumers were put at risk of identity theft, and many were forced to incur credit monitoring costs.

To date, 11 individuals have been arrested in connection with the incidents. Three of the hackers are U.S. citizens, one is from Estonia, three are from Ukraine, two are from the People’s Republic of China and one is from Belarus.

Under the agreement, the company must:
• Implement and maintain an Information Security Program designed to protect the security, confidentiality and integrity of personal information within 120 days;
• Designate employees to coordinate and be accountable for the new Information Security Program;
• Conduct a thorough risk assessment of the program;
• Conduct regular testing and monitoring of the effectiveness of the program;
• Replace or upgrade all wired and wireless systems;
• Refrain from storing all personal data such as: account number, cardholder name, expiration date, and PIN on the magnetic strip on the back of credit cards;
• Install intruder detection systems and other devices to track and monitor unauthorized access; and
• Participate in pilot programs for testing new security-related payment card technology.

In addition, TJX will pay $5.5 million for data protection and consumer protection efforts; $2.5 million to a Data Security Fund to be used to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information and $1.75 million in other costs and fees associated with the investigation.

California has 73 TJ Maxx stores, 103 Marshall’s stores, 7 A.J. Wright stores and 31 HomeGoods stores. California will receive $624,393 as part of the agreement.

States involved in today’s agreement are: Alabama, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.

A copy of the settlement agreement is attached.

RANCHO CUCUMONGA— Attorney General Edmund G. Brown Jr. today announced that charges were filed against Dr. Lisa Barden of Rancho Cucumonga, who broke the law and “wrecked havoc” on the lives of patients whose identities she stole to obtain highly addictive pain killers.

“This physician wrecked havoc on the lives of dozens of patients, violating her oath and abusing her position as a doctor,” Attorney General Brown said.

In November 2007, the California Department of Justice’s Bureau of Narcotic Enforcement began an investigation of Dr. Barden, who illegally obtained prescription drugs on 131 separate occasions from more than 43 different pharmacies. Barden obtained more than 30,000 tablets of prescription painkillers, including hydrocodone (Vicodin) and oxycodone (Oxycotin). Dr. Barden was arrested on Thursday, January 29.

The Riverside District Attorney’s Office filed 276 felony counts including: commercial burglary, forgery, obtaining a controlled substance by fraud, possession of a controlled substance, insurance fraud and identity theft. Agents recovered from her home multiple prescription pads for 12 different doctors, as well as the personal information of 93 people who are alleged victims of identity theft.

The investigation was led by the Riverside Regional Pharmaceutical Narcotic Enforcement Team, which is a cooperative effort with the California Department of Insurance, Fraud Division and the U.S. Drug Enforcement Administration.

This initiative is part of the Attorney General’s plan to address prescription drug abuse in the state and make it easier for doctors to keep track of prescription drug records.

Prescription drug abuse can have serious public safety consequences, as many abusers hold down critical jobs including truck drivers, transit operators and medical practitioners. The Attorney General has been working in cooperation with the Troy and Alana Pack Foundation, founded by Bob Pack, whose 7 and 10-year old children were killed by a driver who was under the influence of prescription drugs obtained from multiple doctors, to make tracking prescription drug records easier.

Last year, Attorney General Brown unveiled a plan to provide doctors and pharmacies with real-time Internet access to patient prescription drug histories. Under Brown’s proposal, health professionals will have computer access to the drug histories of patients, replacing the current outdated system that required mailing or faxing written requests for information. Each year, more than 60,000 such requests are made to the California Department of Justice.

The state’s database, known as the Controlled Substance Utilization Review and Evaluation System (CURES), contains 86 million entries for prescription drugs dispensed in California, giving healthcare professionals the technology they need to fight the prescription drug abuse currently burdening California’s healthcare system.

According to the latest Department of Justice “Drug Trends” report, Valium, Vicodin, and Oxycontin are the most prevalent pharmaceutical drugs obtained fraudulently. Vicodin and Oxycontin are the two most abused pharmaceutical drugs in the United States.

SACRAMENTO--Governor Arnold Schwarzenegger and Attorney General Edmund G. Brown Jr. today called upon California’s Internet service providers to follow the lead of Verizon, Time Warner Cable and Sprint by “removing child pornography from existing servers and blocking channels” that disseminate the illegal material.

“Protecting the safety of our children must be a top priority, not just for government, but also for businesses with the direct power to reduce the ability to conduct illegal activity,” Governor Arnold Schwarzenegger and Attorney General Edmund G. Brown Jr. said in a joint letter to the California Internet Service Provider Association, which represents more than 100 Internet service providers in California.

“We applaud three of the world’s largest Internet service providers—Verizon, Time Warner Cable, and Sprint—for taking steps to block access to child pornography. It is not enough, however, for only a few Internet service providers to join the fight against online predators. Child pornography is not protected by the First Amendment, and distributing this material is illegal.”

On June 10, 2008, New York Attorney General Andrew Cuomo announced agreements with Verizon, Time Warner Cable, and Sprint, to block access to child pornography by purging their servers of existing child pornography and eliminating access to child pornography newsgroups.

Governor Schwarzenegger and Attorney General Brown said other Internet service providers should follow these companies’ lead by ridding their own servers of child pornography and preventing access to illegal content through newsgroups.

“The California Internet Service Providers Association is the largest association of Internet providers in the country and we are asking your members to take their leadership role seriously. The association can begin by working with its more than 100 members to remove child pornography from existing servers and blocking channels, which include newsgroups, used for distributing this material,” Schwarzenegger and Brown said.

California is home to the Silicon Valley which has hundreds of Internet service providers, ranging from large companies to smaller, local providers. Some of the major providers include AT&T and AOL. According to the California ISP Association, the largest such association in the country, there are more than 100 Internet service providers in California.

The California Attorney General’s office has been working with other states to protect children from dangerous predators on the Internet. California recently joined 49 other states in reaching agreements with Myspace and Facebook so that those social networking sites take steps, including age and ID verification processes, to protect children from online sexual predators. The attorney general’s office also deploys special agents who conduct undercover investigations into online sexual predators. For more information about the apprehension teams, visit: www.ag.ca.gov/cbi

A copy of Governor Schwarzenegger and Attorney General Brown’s letter to the California Internet Service Providers Association, sent today, is attached.

LOS ANGELES--California Attorney General Edmund G. Brown Jr. today called upon CVS Pharmacy to immediately stop selling expired products, including baby food and over-the-counter medications, which were discovered during recent undercover shopping investigation in Southern California. The attorney general also asked the CVS to comply with California laws requiring proper storage and disposal consumer’s confidential medical and financial information.

“State investigators found that dozens of CVS pharmacies in Southern California have old and expired products, including medicines and baby food,” Attorney General Brown said. “CVS Pharmacy should immediately pull these expired products from its shelves and ensure that these consumer safety violations do not occur again,” Brown added.

During a recent undercover shopping operation, state investigators found 48 expired products on the shelves of 26 CVS Pharmacies in Los Angeles, Orange and San Diego Counties. Some of the expired products--which included baby formula, toddler food, and over-the-counter medications--were between four and six months old. Investigators also discovered expired food products including milk and eggs. Some of the products’ “sell by” dates were hidden with price tags or other store stickers.

Recent investigations by the New York Attorney General have also found that CVS Pharmacies in New York have engaged in similarly unlawful selling practices. In a letter sent today, Attorney General Brown asked CVS Pharmacy to change its sales practices to make certain that sales of expired product do not occur in the future.

The California Attorney General’s Office had launched its investigation into CVS Pharmacy sales practices in March, 2008 after receiving consumer reports about expired products on store shelves in Southern California.

Although California law does not explicitly prohibit the sale of certain expired products, federal laws require that products contain expiration dates. The attorney general asserts that placing expired items on its shelves violates false advertising and unfair business practices statues because CVS Pharmacy falsely implies that its products meet national quality control standards.

Attorney General Brown also asked CVS Pharmacy to disclose its formal policies regarding the collection, retention and destruction of such information to determine whether the company is complying with California law. The attorney general has reason to believe that the company may not have properly safeguarded or disposed of consumers’ private health and financial information, in violation of state consumer protection laws.

In February, 2008 Brown reached a settlement with The Walgreen Company after state investigators discovered that that company had failed to properly retain, safeguard and dispose of confidential customer information, in violation of California laws including California Civil Code section 1798.81 Under the terms of that settlement, Walgreens agreed to revise its disposal and retention policies, implement ongoing employee training, and annually review those policies.

In addition to the ceasing the sale of expired products, Attorney General Brown today asked CVS Pharmacy to quickly resolve its practice of not protecting private consumer information.

CVS Pharmacy, a division of CVS Caremark Corporation, is the largest retail pharmacy in the United States with more than 6,300 retail locations and approximately 300 stores in California, most in Southern California. The company is headquartered in Woonsocket, Rhode Island.

LOS ANGELES--In an effort to bolster personal privacy and intellectual property rights, California Attorney General Edmund G. Brown Jr. today announced that District Attorneys in Los Angeles, Orange and San Diego will begin receiving funds for the fight against identity theft violations. The funds, which will be used to purchase specialized equipment, will also assist prosecutors in the evaluation of intellectual property rights violations and other privacy violations. The financial disbursements are the direct result of the state's settlement of a civil case against Hewlett Packard following allegations that the company engaged in the practice of pretexting in order to gain unlawful access to phone records.

The disbursement, totaling $178,000, marks the first of many payments from the state's $13.5 million Privacy and Piracy Fund established in the wake of the settlement. The funds will be used to purchase equipment, including technology for forensic computer analysis, which will assist in the evaluation of evidence from identity theft investigations.

Brown said: 'This Fund provides substantial sums to local prosecutors, over the next decade, to defend against against high-tech crimes and identity theft. This action, the first of many, is another step towards protecting personal privacy in the age of the Internet.'

Today's recipients of the grant are the Los Angeles County District Attorney's Office, the Orange County District Attorney's Office, and the San Diego County District Attorney's Office.

Every year, up to $500,000 from the Fund can be distributed to district attorneys and city attorneys so that they can conduct investigations and bring prosecutions to protect privacy rights and intellectual property rights.

The civil complaint alleged that Hewlett Packard used false pretenses to obtain personal confidential information, including billing records, from phone companies.

Attorney General Brown will continue to accept applications for disbursements from the Fund for the remainder of 2007. District attorneys and city attorneys are encouraged to continue submitting applications, pursuant to the instructions outlined at: http://ag.ca.gov/hpsettlement/

The settlement agreement is attached.