application/pdf 2009-02-03T15:40:18-06:00 9 Server containing personal information hacked and personal information accessed VA_08182008_interactive_financial_marketing_group.pdf % i Inter T t Finan "af Marketing Group August 18, 2008 Office ofthe Virginia Attorney General Computer Crime Section 900 E. Main Street Rielunortd. VA 232] 9 Rc: Seern·r`t_r Brertcli Strtte /lgeuej-· Notice Dear Sin’Madarn: l’ur·suant to Va. Code § l8.2—l Soo, lnterntctive Financial Marketing Group, a division of llomiuion Enterprises located in Richmond, Virginia, is writing to notify you ofa security breach that involves the intormation oi`\/irginia residents. lnterActive Financial l\/larketing Group acts as a lead generation source for automobile dealers who finance the sale oftheir motor vehicles to consumers in various states, including Virgirtia. On various dates between November 2007 and February 2008, an unknown and unautlrorized third party hacked into and gained access to one ofour computer servers. This server is used to store information we receive from consumers tluottgh our websites. The illegally accessed electronic in forrnatiori includes the names, addresses, birthdates, and social security numbers of our consumers. No eonsttmer credit card account information was stored on the illegally accessed server. The number of Virginia residents affected is 2,289 as ofthe date ofthis notice. We have sent, or will SOO11 send, notice ofthis security breach to all idcntined consumers. A copy of our consumer notice letter is enclosed with this letter. We are also notifying each ofthe three nationvvide credit reporting agencies about the timing, content, and distribution of our consumer notices. We have engaged a computer security and forensics expert to help investigate the scope, nature and cause ofthis ttttatttlrorized intrusion into our eotnputer srver, `We have implemented enhanced network contiguration, database, and software security measures and will continue to devote resources to prevent a similar security breach in the ftttttre. None of our consumers has informed us that any third pany has made unauthorized use ol" their information as ofthe date of this notice, but we are offering all identified consumers access to credit monitoring services for one year at our expense. Our consumer notice letter also supplies those people with a toll—free telephone number and our contact information ifthey have any further questions or want additional assistance. l is Virginia Street l<icltnrond,V.»\ 23209 ph 804%,225. l S80 la\ 80=l.225.l8§l5 utww.cai·loan.com n·it-·t·v.tttrtoIoancom l80tl-/\uto—l-oan www.lntet·Activet`mg.com me Intere t rnanci L) Marketing Group Please contact Rich Crawford at (757) 351-8093 ifyou have any questions regarding this letter. _` X (i,L;,,a .... -·/' Inter/Xctive liinancial Marketing Group 47 Enclosure RCi·"ltztl llsl Virginia Street Riclimonti.\·’.·\ 232ltJ ph 80#l,225.l8S0 lax S0·=l.225.l8S5 \\-`\\‘\\-'.C?B.I`lL`)Bll.CUll] \·\ \\·'\·\~.£lLll.OlO&ii`l.UOl'I`! l8OU—.·i\Ll[O··LOL’tIl \‘»’\\'\`v”.llTi€!`,ACl.l\`Cl`l`I1g.COlll //> I . I g 5 ‘·e·= ·t IHIEIACIIVC FIIIHHCIQII i; Marketing Group August 19, 2008 You previously submitted your personal information to interactive Financial lylarlteting Group r··rFrrie"i through cartoancom. l am writing to advise you oi an incident that may affect your per- sonal information. Between November ot 2007 and February 2003. an unltnown third party gained access to one of our computer servers without authorization. This server was used to store iniormatton we receive from applicants through our websites. The illegally accessed data includes the information you pro vided on your credit application, such as your name, address. birth date and social security number. We have investigated the scope. nature and cause of this unauthorized intrusion into our computer server. We liars implemented additional security meastires and will continue to devote ali avail- ahle resources to prevent this type of event from occurring in the future. We do not Itnow whether your information has been illegally used, but your information may have been accessed. lFl\rlG is advising you ofthis incident so that you may take steps to guard against any potential rislt resulting from this incident. As a precaution. to help you detect any possible misuse of your data, lFi\flG has arranged for you to enroll ln credit monitoring for one full year, at no cost to you. Specifically, we have engaged Con- sumerlnfocom, inc., an Experian® company, to provide you with its Triple Alertsm product which in- cludes, among other offerings, daily monitoring of your credit report from all three nationwide credit reporting companies iExperian®, Equifa><®, and TranstJnion®), email alerts of hey changes to your credit reports. toll-free access to a dedicated team of fraud resolution representatives, and $25,000 identity Theft Insurance provided by Virginia Surety Company, inc. (Due to New Yorlr state laws restrictions. Identity Theft Insurance and Guarantee coverage cannot he offered to New Yorlt residents. All other henetrts of Triple Alert are availahle to you.) The free credit monitoring product must he activated within 90 days of the date ofthis letter. To sign up, please visit httpr/jpartner,_consui_n_e_i‘iofQo.corn,d_§h-to and enter your individual activation code provided helow. Please keep in mind that once activated, the code cannot he re used, You will he instructed on how to enroll in your cornplirnentary credit monitoring product. lf you sign up, all credit reports and alerts will be delivered via email. Your Single Use Credit Monitoring Activation Code: it you have any questions, you may call the dedicated Privacy i-lelp Line at 856-578-5407. Our repre- sentatives will he available to assist you Monday through Friday, hetween 6 am. and 6 pm. PT. Regardless of whether you elect to enroll in the credit monitoring product, IFMG strongly recom- rnends that you remain vigilant and regularly review and monitor your credit reports and account statements to guard against any unauthorized transactions or activity. lf you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report fraudulent activity to proper law en- forcement authorities, including the Federal Trade Commission. You can learn more about how to protect yourself from becoming a victim of identity theft at the FfC's website: http;/grtvw.ftc.gg:y’ _bcpj_r:du[ microgtcsj rdtheftj. You are also entitled under U.S. law to one free credit report annually from each ofthe three major credit bureaus. To order your free credit report, visit www.anrr_ti&r_editrer@t:_o;n or call toll-free (877) 322-8228. 0r yoti may obtain a free credit report by calling any one of the three national credit reporting companies at the followingtoll free numbers: Eduifax® at (800) 585-1111; Pt periandi at {888l397--3`M2; and TransLlnron® at {800} 918-8800. ln addition to obtaining a free credit report. you may contact any ofthe three national credit report- ing companies to place a "fraud alert" on your consumer credit file. This will alert creditors to take additional steps to verify the identity of anyone who applies for credit in your name. There is no charge for placing a fraud alert on your consumer credit files. The contact information ofthe na- tional credit reporting companies for purposes of placing a fraud alert on your account is; Equifax Experian Transtlnlon P.0. Box 105089 l’.0. Bo><1017 P.0. Box 6790 Atlanta, GA 30348-5069 Allen, TX 75013 Fullerton, CA 9283cl- {800) 525-8285 (888) 397-3742 (800) 880-7289 http://t»rrvw·.eouifaxcom http;//www.e><perian.com http://www.transunion.com These credit reporting agencies can also provide you with information about the steps you can taite if you also want to place a security freeze on your credit file andthe cost for doing so. Protecting tho privacy and sectrrity of your information is extremely important to us. lFlvlG wishes to reiterate that it has not learned about any misuse of your personal information at this time and that iFl\/lG is talt- ing appropriate remedial steps, including enhancing security protocols. On behalf of lFMG, l apologize for any inconvenience or concern that this matter may cause for you. As noted, if you have any questions, please feel free to contact the dedicated Privacy Help Line at 855-578-5407. which has been established to assist you. Thank you very much. Sincerely, 4--- --L .1-’ e. __ 70-e?·f§?;_____g L3 Y?/i F Rich Crawford lnterActive Financial l\llarl<eting Group 1323 true 2289 4 key-2cj653dk6zhxnkgd7flb 11615365 129583 2008-08-18T14:12:00-05:00 2009-02-16T06:35:35-06:00