application/pdf 2009-01-12T10:26:14-06:00 7 Threatening letter received regarding revealing personal information of Toyota employees 20081121-Toyota_Express_Scripts.pdf ''''''''''''''''''''''''''''''''''' Amsim py Colgen Toyota Motor Sales, [LSA., HIC. Y`€.¢:1va1g£·t;r! 2 =.·ai>:1.·* .\.»~ei’¤·:: a `November 21, 2008 Steven G. Rowe, Esq. Office ofthe Attorney General 6 State House Station Augusta, Maine 04333-006 Dear Mr. Rowe: I am writing on behalf of Toyota Motor Sales, USA, inc. ("Toyota”) to inform you of a security breach affecting l Maine resident. On November 6, 2008, Express Scripts, Toyota’s pharmacy benefits manager, informed Toyota that an unknown person or persons had made an extortionate threat to disclose Express Script’s members’ personal information, including the name, Social Security number and date of birth to identity thieves unless Express Scripts paid a ransom. At that time, Express Scripts advised Toyota that it did not believe personal infomation about Toyota members was involved. Early the following week, Toyota received a similar threat directly, apparently from the same extortionist. The extortionists identified 188 current and former Toyota associates’ name, social security number and date of birth held by Express Scripts. Additionally, they suggested that they possessed similar information for “most" other current and former Toyota associates and their covered dependents. The FBI is investigating the incident. Toyota has worked diligently to determine the identity of the Company’s employees who are affected by this criminal incident. Toyota sent informal e-mail notice to affected employees on November 14, 2008 and will mail the formal notice of security breach on November 20 and 21, 2008. A copy of the letter that will be sent to affected Maine residents is attached. lf you have any questions concerning the matters discussed above, please do not hesitate to call me at 310-468-7737. Very ly yours, l CONSUMER Pisoitrzicttttosst iatttttstoiu RECEWEB All n fC n Managing Counsel l _ QFHGE or nrroansv escrow. November 20, 2008 Re: Call to Action: Important Notice of Security Breach Dear Associate and Covered Dependent: This letter is intended for all Toyota associates who are eligible under the Express Scripts,. inc. Pharmacy Benefits Program offered in connection with the Toyota Motor Sales, USA, Inc. sponsored Aetna medical insurance plans. The information in this letter applies to all Toyota associates and eligible dependents currently covered or who previously had coverage anytime between 2006 and the present date. Toyota recognizes the importance of safeguarding associates’ personal information. To that end, Toyota has taken steps to safeguard that information. Even the most rigorous safeguards, however, cannot guarantee protection against criminal conduct. Express Scripts, Toyota’s pharmacy benefits manager, was victimized by such conduct. More specifically, Express Scripts recently informed Toyota that it had received a letter from an unknown person or persons demanding money from the company. The person(s) threatened to expose a portion of the company’s members’ records containing personal infomation, including Social Security numbers and possibly prescription information, to identity thieves if the extortion threat was not met. At that time, Express Scripts advised Toyota that it did not believe personal information about Toyota members was involved. An FBI investigation is underway. Last week Toyota Motor Sales, U.S.A., Inc. received a similar threat apparently from the same criminals. The extortionists identified 188 current and former Toyota associates’ name, social security number and date of birth held by Express Scripts. At this time, we are unsure whether other personal information is also at risk. Additionally, they also suggested that they possessed similar information for other current and former Toyota associates and their covered dependents. Toyota has already notified the 188 associates of the breach and we are working with these associates to assist them in connection with fiaud prevention. Toyota also notified the FBI agents involved with the Express Scripts investigation. We believe that there is some risk, based on the threat contained in extortionists’ letter, that you or your dependents’ personal information could be misused. Therefore, we believe you should consider taking action to protect your identity even though, at this time, we have received no evidence that there has been any attempt to misuse your personal information or that of your covered dependents. Express Scripts, through its vendor Kroll, Inc., is offering fraud prevention assistance in connection with this incident (please see enclosed information). The Fraud Prevention Steps You Can Take enclosed with this letter will also be available on Toy0taVision at hgpz//tv/toyotavision/. You may also obtain information through the Express Scripts website at www.esisupports.com We recommend that you take action promptly. We are sincerely sorry for any inconvenience that this incident may cause you._ Sincerely, TMS Human Resources Department 5. Contact Law Enforcement. If you find suspicious activity on your credit reports or have reason to believe your information is being misused contact your local law enforcement agency and file a police report. Get a copy of the report when it becomes available to you and retain it for further use, as many creditors want the information it contains to absolve you of potential fraudulent debts. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide some kind of proof that you have been a victim. A police report is often required to dispute fraudulent items. ‘ 6. ‘ Contact Kroll, Inc. You can contact Kroll at 866-795-9350, Monday through Friday, SAM to SPM (CT) to gain additional information about this event and to talk with representatives from Kroll about appropriate steps to place fraud alerts or security freezes. 7. Contact Kroll if you see suspicious activity. If you discover any suspicious items in your credit reports or account statements, notify Kroll immediately after notifying law enforcement by calling 866-795-9350. 8. Additional Information. You can obtain additional information about steps you can take to avoid identity theft from the following: Identity Theft Clearinghouse Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 hggz//www.ftc.gov/bcp/edu/microsites/idthefd (877) IDTHEFT (438-4338) TDD: (202) 326-2502 California Office of Information Security and Privacy Protection http://urvvw.oisp_r;.ca.gov/consumer privacy/identitytheft.asp 947 true 188 1 key-2mawgjmtrx5cft5frzfj 10158248 186070 2008-11-21T09:21:00-06:00 2009-01-23T10:00:13-06:00