Privacy & Identity Theft

SAN JOSE -- Attorney General Kamala D. Harris today announced the creation of the eCrime Unit, staffed with Department of Justice attorneys and investigators, and charged with identifying and prosecuting identity theft crimes, cyber crimes and other crimes involving the use of technology.

“Today’s criminals increasingly use the Internet, smartphones, and other digital devices to victimize people online and offline,” said Attorney General Harris. “I am creating the eCrime Unit so that California can be a leader in using innovative law enforcement techniques to target these criminals. The eCrime Unit will be comprised of investigators and prosecutors charged with working across jurisdictions and leading task forces to protect California consumers and businesses.”

The eCrime Unit investigates and prosecutes crimes that include a substantial technology component. Examples and descriptions of the kinds of crimes that the unit will prosecute are:

• Identity theft – The Internet provides new ways for criminals to steal personal information and identities whether through email phishing scams or trolling the Internet for personal information about others.
• Fraud committed using the Internet – This includes scams perpetrated via email and on Internet auction websites.
• Theft of computer components or services – Burglary and robbery of computers or other electronic devices by highly-organized gangs at manufacturing sites, storage facilities and retail stores.
• Intellectual property crimes, such as counterfeiting or piracy – Large numbers of websites and online networks exist solely for the unauthorized distribution of copyrighted material, such as movies, music and software.
• Child exploitation – Disrupting online child pornography networks and those who commit sex crimes against children using the Internet or social media.

Many of these crimes are multi-jurisdictional and are better suited for prosecution on a statewide level. The eCrime Unit, which began operations in August, consists of 20 attorneys and investigators, many of whom have spent years working on complex technology crimes.

Technology crimes affect consumers, businesses and the state government’s operations. California had 10 of the top 25 metropolitan areas for identity-theft related consumer complaints in 2010. According to the Federal Trade Commission, California has the most identity theft complaints of any state and third highest per capita. In fact, every year, more than 1 million Californians are victims of identity theft. Total losses throughout the state exceeded $46 million last year.

“Every year, California loses millions of dollars because the intellectual capital of our state is being hijacked by criminal elements,” said Assemblywoman Nora Campos, D-San Jose. “The addition of the eCrime Unit to California’s fight against technology crimes sends a clear message that we are determined to root out this type of illegal activity.”

The eCrime Unit will also provide investigative and prosecutorial support to the five California regional high-tech task forces funded through the High Technology Theft Apprehension and Prosecution Trust Fund Program and provide coordination for out-of-state technology-crime investigation requests. The eCrime Unit also will develop and provide training for law enforcement officers, prosecutors, the judiciary, and the public on cyber safety and the importance of strong information-security practices.

“As the importance of the Internet to our economy has grown, criminals have moved online to steal valuable information and goods from individuals and businesses,” said Santa Clara District Attorney Jeffrey Rosen. “In the 21st Century, law enforcement will be increasingly combating online criminal activity. The Attorney General's eCrime Unit will provide much needed resources and expertise to thwart and prosecute online criminals who cause billions of dollars in damage every year.”

Attorney General Harris outlined several cases that exemplify the work of the eCrime Unit. In July, George Bronk, a Sacramento-area man was sentenced to more than four years in state prison after hacking into email addresses and Facebook accounts of victims by finding answers to email security questions. He found indecent pictures and video and then blackmailed the victims. The victims in this case were located in at least 17 states and United Kingdom. More information on the case can be found http://www.oag.ca.gov/news/press_release?id=2541&y=&m=6

Attorney General Harris also announced the filing of five felony charges against Chen Zhang on December 8, 2011, in San Joaquin Superior Court. Zhang is being charged with possession of unauthorized and counterfeit jewelry from five different companies. Investigators for the Attorney General’s Office seized an estimated $1.5 million of counterfeit goods from her residence in Tracy, California on November, 3, 2011. A copy of the complaint, and photographs of the counterfeit jewelry, are attached to the electronic version of this press release.

In another case, defendants allegedly ran an identity theft scam at ATM vestibules across seven counties. They allegedly used a card reader to capture victims’ card numbers and a hidden camera to capture the PIN numbers. Total losses are estimated to be $2 million. The case (California v. Aroutiounyan) originated in San Luis Obispo County, but the Department of Justice eCrime Unit was able to investigate and charge the entirety of the scheme across all seven counties.

The Attorney General also announced the launch of a new web site devoted to cyber safety, which can be found at http://oag.ca.gov/cybersafety. The website contains information about online child safety, identity theft prevention tips and help for victims.

SAN FRANCISCO -- Attorney General Kamala D. Harris today issued a consumer alert with tips on how Californians can protect their personal information from identity theft when shopping online during this holiday season.

1. Consider investing in antivirus and anti-spyware software. If you already have antivirus software, be sure to download the latest security updates, as there are new viruses and malicious programs every day.

2. Use a credit card instead of a debit card. A stolen debit card gives an identity thief a direct line to your bank account, whereas credit cards offer added protection from fraudulent transactions. To be safe, don’t store your credit card numbers online, and review your credit card bills monthly for unauthorized charges.

3. Make purchases through websites that offer secure connections. When shopping online, choose websites or e-merchants that offer heightened SSL (Secure Socket Layer) security to protect your personal information. Before inputting your phone or credit card number, check your browser’s status bar for an unbroken “padlock” icon, which indicates the site uses SSL. Also, because most email accounts are not secure, it’s best not to send payment information in an email.

4. Watch what you post online. The Internet has made it easy to store and share information, but we should be careful when sharing personal information online. Avoid posting addresses and phone numbers on social networking sites, or storing credit card information and passwords in your email account.

5. Strengthen all your passwords and PINs. With so many passwords and personal identification numbers to remember these days, it’s tempting to use a birthday, child’s name, consecutive numbers, or other predictable passwords or PINs. Use a combination of numbers, letters, and symbols to protect your shopping and email accounts with the strongest possible passwords.

6. Talk to your kids about the dangers of online shopping. Children are often so comfortable and confident online they don’t think they need to take special precautions. And identity thieves know this; kids are among their prime targets. Supervise your kids’ online shopping and talk to them about keeping their information secure.

7. Shop at trusted websites. Everyone wants to find the best deals when shopping online, but be cautious when using unfamiliar websites. When shopping at a site that is new or unfamiliar, review customer reviews and Better Business Bureau listings to check the site’s legitimacy.

8. Be wary of fake online stores. Many online scammers steal personal information by redirecting shoppers to fake web pages that look like the checkout pages of legitimate shopping sites. To avoid these traps, be careful what links you click. Set your browser to block pop-up windows, and make sure you type in the store’s web address into your browser window instead of clicking links from email or other websites.

9. Guard your Social Security number. There’s no reason for an online shopping site to request your Social Security number to make a routine purchase.

For more information about identity theft, visit: http://ag.ca.gov/idtheft/index.php.

SAN FRANCISCO --- Attorney General Kamala D. Harris announced today that a Vallejo man has entered into a plea for a four-year prison sentence for participating in an identity theft ring that defraud at least 29 victims in the Bay Area of at least $180,000.

Nick Luu, 30, of Vallejo, pled guilty in San Francisco Superior Court on August 24, 2011 to three counts of identity theft and admitted to participating in a conspiracy with five other defendants.

“Identity theft is one of the fastest growing and most insidious crimes in our technology-driven world,” Attorney General Kamala Harris said. “These criminals cost people their reputation, time and money. There must be accountability and consequences.”

From June 2009 to December 2009, Luu and five other conspirators stole personal information from various sources, including client records at a San Jose law office and Santa Clara dental office where Luu and another defendant worked.

The defendants used the information they stole to make false drivers licenses and file false change-of-address forms to divert the victims’ mail to Post Office boxes that the conspirators opened.

The conspirators then used the false driver’s licenses to open up credit accounts and buy luxury products including flat-screen TVs, Gucci watches, high-end clothing and jewelry. The defendants would often return the products for money.

Luu was one of two main defendants in the multi-defendant, 47-count complaint. Luu will be sentenced on January 5, 2012.

Luu’s three other co-defendants, Chev Chan, Matthew Medlin and Daniel Lee Lesly, have already pled. Chev Chan is due in court for pretrial on September 21.

The US Postal Inspectors Service was the law enforcement agency responsible for investigating the case with support from the California Department of Justice.

SACRAMENTO -- Attorney General Kamala D. Harris announced today that George Samuel Bronk, 23, of Citrus Heights, was sentenced on Friday to more than four years in state prison for stalking women on the social networking site Facebook.

Bronk plead guilty in Sacramento Superior Court to seven felonies, including computer intrusion, false impersonation and possession of child pornography. Bronk received four years, eight months in state prison and will have to register as a sex offender.

"For all of the conveniences the Internet offers, it has also opened a new frontier for crime. Cyber-predators, like Mr. Bronk, must be held accountable for their criminal activities,' Attorney General Harris said. 'Let this be an example for all those who will stoop to steal other people's identities.'

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim's e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Superior Court Judge Lawrence Brown rejected a defense request for probation and sentenced Bronk to state prison. Judge Brown sentenced Bronk to four years in state prison for the crimes of computer intrusion and false impersonation and then added an additional consecutive term of eight months for Bronk's possession of child pornography.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General's assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

SACRAMENTO – A Citrus Heights computer hacker pleaded guilty to seven felony charges for breaking into hundreds of women’s e-mail accounts, the sort of identity theft crime that Californians should take steps to protect themselves against, according to Attorney General Kamala D. Harris.

“This case highlights the fact that anyone with an e-mail account is vulnerable to identity theft,” Attorney General Harris said. “One of the major goals of my office is to track down and prosecute every criminal who would stoop to stealing people’s identities.”

George Samuel Bronk, 23, of Citrus Heights, faces six years in state prison after entering guilty pleas today in Sacramento Superior Court to seven felonies including computer intrusion, false impersonation and possession of child pornography. Bronk will have to register as a sex offender. He will return to court on March 10 for further proceedings relating to his sentence.

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk targeted his victims by scanning Facebook for women who also posted their e-mail addresses there. He then contacted the woman’s e-mail service, pretending he was the legitimate customer, and claimed to have forgotten the password. Bronk was able to correctly answer security questions posed by the e-mail service by finding the answers on victims’ Facebook pages.

Some of the security questions posed by e-mail providers included, “What is your high school mascot?” “What is your father’s middle name?” “What is your favorite food?” and “What is your favorite color?”

Once Bronk gained access to the e-mail account, he changed the password and the victim was locked out.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim’s e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Bronk messaged one victim that he had taken over her e-mail account “because it was funny.” In an online chat session with another victim using the name “xogreeneyesx3,” Bronk demanded the victim send him more explicit photographs or he would post the photographs he already had more widely. The victim complied.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General’s assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights’ home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

Bronk was arrested in October and has been held since then on $500,000 bail.

Attorney General Harris reminded users of e-mail and social networking sites that security questions and answers need to be as secure as passwords. There are steps people can take to avoid being victimized by “security question” hacks. These steps include:

•Pick security questions and answers that do not involve any personal information that is available from social networking sites or any other sites.

•Try to switch the security questions you choose for password protection on e-mail services and social networks.

•Add numbers or special characters to your security answers. For example, the question 'What was the name of your High School' could be answered “Middle02High@School.”

Joining the Attorney General’s office in this investigation were the Sacramento Valley Hi-Tech Crimes Task Force, the CHP, and the Connecticut State Police. The Attorney General’s office prosecuted the case.

For more information about identity theft, please see http://ag.ca.gov/idtheft/.

The arrest warrant and complaint are attached at the Attorney General’s website www.ag.ca.gov.

SAN FRANCISCO—Attorney General Edmund G. Brown Jr. said six individuals arraigned today on identity theft charges “wreaked financial and emotional havoc” on victims by making tens of thousands of dollars in fraudulent charges in their names. The defendants face multiple felony counts of identity theft, conspiracy, possession of stolen property, and grand theft.

The identity theft ring was able to steal 20 identities and over $170,000 worth of cash, expensive clothing, jewelry and accessories. They bought flat screen TVs, a Gucci watch and $31,000 worth of merchandise from Neiman-Marcus. Members of the ring raised cash by returning items bought using fake identities.

“This criminal identity theft ring wreaked financial and emotional havoc on the victims, who will now endure hours of work fixing their credit and rebuilding their lives,” Brown said. “It’s important to keep these fraud rings from ripping off other victims.”

The six defendants face charges of violating California Penal Code section 182 for conspiring to commit identity theft, section 484 for theft, section 530.5 for identity theft, and section 496 for possession of stolen property. Possible sentences for each defendant range from a minimum of four years to a maximum of 27 years and four months.

The individuals facing charges today include:
• Matthew Medlin, 31, of Campbell.
• Jessica Campos, 30, of Santa Clara, also faces charges of violating California Penal Code section 502(c) for using dental office clients’ personal information.
• Chev Chan, 31, of San Jose, also faces charges of violating California Penal Code section 496 for receiving stolen property.
• Quang Le, 32, of Santa Clara. Le also faces charges of violating California Penal Code section 487 for grand theft.
• Daniel Lee Lesly, 31, of Los Altos. Lesly also faces charges of violating California Penal Code section 487 for grand theft.
• Nick Phuong Luu, 29, of Vallejo. Luu also faces charges of violating California Penal Code section 487 for grand theft, and section 496 for receiving stolen property.

In late 2009, Brown’s office was notified by the U.S. Postal Inspection Service that several individuals reported their social security numbers had been illegally used to apply for credit cards. The credit card information was sent to a San Jose residence later discovered to be the home of Chev Chan.

The subsequent investigation revealed that between June and December of 2009, the defendants, along with other unnamed suspects, engaged in an identity theft spree throughout the Bay Area. The ring’s leaders, Nick Luu and Chev Chan, used several San Jose, Santa Clara, Sunnyvale, and Campbell addresses to divert the victims’ mail. Luu and Chan also had victims’ mail sent through false change-of-address forms and opened five Post Office boxes in San Jose.

Most of the victims’ identities were stolen from clients at a San Jose law office and Santa Clara dental office where two of the defendants worked.

During a search of Nick Luu’s residence, Brown’s office found 10 dental claim forms that contained patients’ names, addresses, dates of birth and social security numbers. The forms were given to Luu by Jessica Campos, an employee of the Santa Clara dental office, to use to manufacture fake identities. Campos was told by leaders in the ring to obtain current employers and addresses of Asian males who were about the same ages as the conspirators. As a result of Campos’ involvement, three dental office patients had their personal information used to make fraudulent purchases.

Chev Chan, used stolen identities to open Discover, Bank of America, and Chase credit cards while he worked at the San Jose law office. Chan used his work computer to change account addresses and open fraudulent credit card accounts under two victims’ names. Chan also used his employment address to receive mail and open two Post Office boxes under the victims’ names.

One of the defendants, Quang Le, was seen on video surveillance at Zales Jewelers in Eastridge Mall making a fraudulent purchase of $4,400. Le also racked up over $31,000 in fraudulent charges at Neiman-Marcus.

The fraud ring also opened fraudulent bank accounts and wrote dozens of checks. Daniel Lesly wrote 15 non-sufficient-funds checks totaling almost $2,000 from an account he fraudulently opened at Bank of America. The checks were written from the account to Target and Lucky’s. Lesly also returned a Gucci watch, previously purchased using a fake identity, and took over $2,000 in cash for the exchange.

To enable him to use the credit cards, defendant Mark Medlin used the victims’ identities to open credit lines and manufacture fake California driver’s licenses. These fraudulent driver’s licenses were used by Nick Luu, Chev Chan, and Quang Le.

Additional items purchased with the stolen identities include:
• A watch worth $8,150 from Ben Bridge Jewelers
• Merchandise worth $6,402 from Nordstrom
• A 55” flat screen television worth $3,277 from Sears online
• A 40” flat screen television worth $1,509 from Sears online
• Comforters and bedding worth $725 from Macy’s
• A Movado watch worth $1,281 from Kay’s Jewelers
• A Tag Heuer watch worth $4,485 from Macy’s
• Jewelry worth $8,150 from Ben Bridge Jewelers

A copy of the complaint available upon request.

San Diego—Attorney General Edmund G. Brown Jr. today joined the Federal Trade Commission (FTC) and 34 other attorneys general to announce a settlement against LifeLock, Inc. that prevents the company from “misrepresenting and overstating” the identity theft protection services it offers to consumers.

“LifeLock sold Californians a false sense of security against identity theft with advertisements that were chock full of inflated claims and promises,” Brown said. “Today’s settlement prevents the company from misrepresenting and overstating its services and reimburses LifeLock subscribers who were misled.”

Last year, Brown joined the FTC and numerous attorneys general to jointly investigate LifeLock’s business practices. The investigation followed a number of misleading advertisements from the company that included a testimonial from the CEO in which he gave out his social security number to demonstrate his confidence in LifeLock’s services.

Brown’s complaint contends that LifeLock falsely led customers to believe that they would be protected against all forms of identity theft, reimbursed directly for losses tied to identity theft and telephoned prior to any new credit being issued under their name. None of these claims were accurate.

LifeLock advertisements also implied that any fraudulently obtained personal information would be removed from criminal websites, when in fact the company only notified consumers when their information had been compromised.

Today’s settlement prevents LifeLock from misrepresenting that its services:

• Provide complete protection against all forms of identity theft;
• Constantly monitor activity on each of its customers’ consumer reports;
• Prevent unauthorized changes to customers’ address information; and
• Ensure that a customer always receives a phone call from a potential creditor before a new credit account is opened in the customer’s name.

LifeLock also agreed to pay $11 million in restitution to its subscribers and $1 million to cover the costs of the states’ investigation. Brown’s office and the FTC will jointly send letters over the next two weeks to customers in California that subscribed to LifeLock between April 1, 2005 and March 30, 2009, notifying them of the agreement and how they can opt-in to the settlement. LifeLock typically charged consumers $10 a month to subscribe to its identity theft protection services.

Under the terms of the agreement, LifeLock must also stop overstating the risk of identity theft to consumers. In the past, LifeLock sent direct mailers to individual consumers that featured warnings such as, “You’re receiving this because you may be at risk of identity theft,” without knowledge or facts to substantiate these claims.

A number of the services offered by LifeLock are available free-of-charge to consumers including, placing a fraud alert on a credit record and requesting an annual credit report to review credit history and identify errors and inaccuracies. Both services can be completed by contacting one of the three major credit reporting agencies. Consumers are also best-positioned to monitor their own bank accounts and credit card statements for unauthorized withdrawals or charges.

Other states participating in today’s agreement include: Alaska, Arizona, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington and West Virginia.

The complaint and judgment, which will be filed concurrently today in San Diego County Superior Court, are attached.

Oakland- After a “massive breach” jeopardized the personal information of 50 million consumers, Attorney General Edmund G. Brown Jr. today joined 40 other states in requiring TJX--the parent company of TJ Maxx, Marshall’s, HomeGoods, and A.J. Wright-- to bolster the security of its databases.

“TJX ignored flaws in its credit card database, until hackers broke into it, gaining access to the personal information of almost 50 million people,” Brown said. “This agreement requires the company to carefully test its security systems and upgrade them to the highest contemporary standards.”

In January 2007, TJX announced that hackers had gained access to portions of its computer databases, which stored credit and debit card numbers, social security numbers and personal information of over 50 million customers.

Subsequently, 41 state attorneys general launched an investigation into how the hackers gained access and if the company did enough to protect its customers.

The investigation found that TJX failed to address the security flaws identified in a 2004 internal audit. This audit found major vulnerabilities connected to using firewalls, encrypting cardholder data, updating anti-virus software and regularly testing security systems. Just one year later, hackers from several different countries exploited the same vulnerabilities the audit identified.

The hackers accessed the company’s databases, connected to unsecured wireless networks, on two separate occasions. The first breach occurred in 2005 when hackers accessed TJX’s main server in Framingham, Mass. They targeted unencrypted and unprotected data such as: names, addresses, social security numbers, military ID numbers, and driver’s license numbers. The hackers obtained 94 million unique credit/debit card numbers.

The second breach occurred in 2006 in which the hackers installed an Open Virtual Private Network (Open VPN) on the main server. Using this connection, the intruders were able to capture card data such as: account numbers, cardholder names, credit card expiration dates, and PIN numbers. The hackers were able to intercept the data as it was being transmitted from banks to the 1,774 retail stores where customers were making purchases. The company estimates tens of millions of credit card transactions were intercepted.

These consumers were put at risk of identity theft, and many were forced to incur credit monitoring costs.

To date, 11 individuals have been arrested in connection with the incidents. Three of the hackers are U.S. citizens, one is from Estonia, three are from Ukraine, two are from the People’s Republic of China and one is from Belarus.

Under the agreement, the company must:
• Implement and maintain an Information Security Program designed to protect the security, confidentiality and integrity of personal information within 120 days;
• Designate employees to coordinate and be accountable for the new Information Security Program;
• Conduct a thorough risk assessment of the program;
• Conduct regular testing and monitoring of the effectiveness of the program;
• Replace or upgrade all wired and wireless systems;
• Refrain from storing all personal data such as: account number, cardholder name, expiration date, and PIN on the magnetic strip on the back of credit cards;
• Install intruder detection systems and other devices to track and monitor unauthorized access; and
• Participate in pilot programs for testing new security-related payment card technology.

In addition, TJX will pay $5.5 million for data protection and consumer protection efforts; $2.5 million to a Data Security Fund to be used to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information and $1.75 million in other costs and fees associated with the investigation.

California has 73 TJ Maxx stores, 103 Marshall’s stores, 7 A.J. Wright stores and 31 HomeGoods stores. California will receive $624,393 as part of the agreement.

States involved in today’s agreement are: Alabama, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.

A copy of the settlement agreement is attached.

RANCHO CUCUMONGA— Attorney General Edmund G. Brown Jr. today announced that charges were filed against Dr. Lisa Barden of Rancho Cucumonga, who broke the law and “wrecked havoc” on the lives of patients whose identities she stole to obtain highly addictive pain killers.

“This physician wrecked havoc on the lives of dozens of patients, violating her oath and abusing her position as a doctor,” Attorney General Brown said.

In November 2007, the California Department of Justice’s Bureau of Narcotic Enforcement began an investigation of Dr. Barden, who illegally obtained prescription drugs on 131 separate occasions from more than 43 different pharmacies. Barden obtained more than 30,000 tablets of prescription painkillers, including hydrocodone (Vicodin) and oxycodone (Oxycotin). Dr. Barden was arrested on Thursday, January 29.

The Riverside District Attorney’s Office filed 276 felony counts including: commercial burglary, forgery, obtaining a controlled substance by fraud, possession of a controlled substance, insurance fraud and identity theft. Agents recovered from her home multiple prescription pads for 12 different doctors, as well as the personal information of 93 people who are alleged victims of identity theft.

The investigation was led by the Riverside Regional Pharmaceutical Narcotic Enforcement Team, which is a cooperative effort with the California Department of Insurance, Fraud Division and the U.S. Drug Enforcement Administration.

This initiative is part of the Attorney General’s plan to address prescription drug abuse in the state and make it easier for doctors to keep track of prescription drug records.

Prescription drug abuse can have serious public safety consequences, as many abusers hold down critical jobs including truck drivers, transit operators and medical practitioners. The Attorney General has been working in cooperation with the Troy and Alana Pack Foundation, founded by Bob Pack, whose 7 and 10-year old children were killed by a driver who was under the influence of prescription drugs obtained from multiple doctors, to make tracking prescription drug records easier.

Last year, Attorney General Brown unveiled a plan to provide doctors and pharmacies with real-time Internet access to patient prescription drug histories. Under Brown’s proposal, health professionals will have computer access to the drug histories of patients, replacing the current outdated system that required mailing or faxing written requests for information. Each year, more than 60,000 such requests are made to the California Department of Justice.

The state’s database, known as the Controlled Substance Utilization Review and Evaluation System (CURES), contains 86 million entries for prescription drugs dispensed in California, giving healthcare professionals the technology they need to fight the prescription drug abuse currently burdening California’s healthcare system.

According to the latest Department of Justice “Drug Trends” report, Valium, Vicodin, and Oxycontin are the most prevalent pharmaceutical drugs obtained fraudulently. Vicodin and Oxycontin are the two most abused pharmaceutical drugs in the United States.

SACRAMENTO--Governor Arnold Schwarzenegger and Attorney General Edmund G. Brown Jr. today called upon California’s Internet service providers to follow the lead of Verizon, Time Warner Cable and Sprint by “removing child pornography from existing servers and blocking channels” that disseminate the illegal material.

“Protecting the safety of our children must be a top priority, not just for government, but also for businesses with the direct power to reduce the ability to conduct illegal activity,” Governor Arnold Schwarzenegger and Attorney General Edmund G. Brown Jr. said in a joint letter to the California Internet Service Provider Association, which represents more than 100 Internet service providers in California.

“We applaud three of the world’s largest Internet service providers—Verizon, Time Warner Cable, and Sprint—for taking steps to block access to child pornography. It is not enough, however, for only a few Internet service providers to join the fight against online predators. Child pornography is not protected by the First Amendment, and distributing this material is illegal.”

On June 10, 2008, New York Attorney General Andrew Cuomo announced agreements with Verizon, Time Warner Cable, and Sprint, to block access to child pornography by purging their servers of existing child pornography and eliminating access to child pornography newsgroups.

Governor Schwarzenegger and Attorney General Brown said other Internet service providers should follow these companies’ lead by ridding their own servers of child pornography and preventing access to illegal content through newsgroups.

“The California Internet Service Providers Association is the largest association of Internet providers in the country and we are asking your members to take their leadership role seriously. The association can begin by working with its more than 100 members to remove child pornography from existing servers and blocking channels, which include newsgroups, used for distributing this material,” Schwarzenegger and Brown said.

California is home to the Silicon Valley which has hundreds of Internet service providers, ranging from large companies to smaller, local providers. Some of the major providers include AT&T and AOL. According to the California ISP Association, the largest such association in the country, there are more than 100 Internet service providers in California.

The California Attorney General’s office has been working with other states to protect children from dangerous predators on the Internet. California recently joined 49 other states in reaching agreements with Myspace and Facebook so that those social networking sites take steps, including age and ID verification processes, to protect children from online sexual predators. The attorney general’s office also deploys special agents who conduct undercover investigations into online sexual predators. For more information about the apprehension teams, visit: www.ag.ca.gov/cbi

A copy of Governor Schwarzenegger and Attorney General Brown’s letter to the California Internet Service Providers Association, sent today, is attached.