Browsing All Primary Sources from: Michigan Attorney General

This document details the reporting of a security incident by Quixtar, Inc. to both the Michigan Attorney General and the FBI that twenty-eight Michigan residents were breached on 5-27-2008 and notified by the company 6-11-2008 after an internal investigation. Some PII were compromised including user account passwords and user IDs, but NOT social security, bank account, credit card or drivers license numbers.

Quia ‘‘‘` rare i €@@ M. . Q. t Q, s ‘¤E¤it·e·p ·t·—·~i 1%% UV`, Xq ATTORNEY GENERAL 5 e<~°‘°\ tee JU Z @°‘“a~iG?(aaahe 11,200:% Wi 1 2 ZUUS e · <\’ G°“s\> gjigigii @?r€ii*i”@;*§aggy§,E§;F. j End -...

This is an update on the potential security breach of the Altman Weil organization sent 8-12-2008 to the Michigan Attorney General regarding what was found to be the SQL virus attack on its servers 5-14-2008. Its internal investigation found that no customer or credit card information was compromised in the attack. Altman also notified its customers on 7-23-2008.

if · * ` Altman Vileitlnc, Two Campus Boulevard, Suite 200 Q H ` N 2 il In Newtown Square, PA 19073 ® C 3 C· sro-sea-2000 Fax: @10659-0487 The leader in legal consulting. . wwlv.aIlntanxverl....

On 11-12-2008 Express Scripts, a co. headquartered in St. Louis, MO, notified the Michigan Attorney General of a potential breach on Michigan residents. This potential breach source was an extortion letter sent to both the company and its clients/members, which threatened to expose PII allegedly stolen from the system. The PII at risk of exposure includes 75 member of the organization and includes social security numbers, names, dates of birth, and historical pharmaceutical prescriptions. The company reported this information to law enforcement and instituted a number of measures to mitigate the risk of identity theft including (a) issuance of press releases dated 11-6-2008 and 11-11-2008. (b) launch of a breach notification website to both notify and assist its clients/members, and (c) the availability of an identity restoration service to assist its clients/members.

i _ l AQ]; , I · EXPRESS SCRiPTS® c "'? " A `” E . 6 . .$HE..--. »-· - ; November 12, .2008 ATTORNEY GENERAL ‘ r NOK! 1,4, 2088 1 ` The Honorable Mike Cox or Office of the Attorney General _...

Anheuser-Busch notifies the Michigan Attorney General on 7-21-2008 of a burglary that occurred in one of its offices located in Sunset Hills, MO sometime between 6-6-2008 and 6-9-2008. During this burglary, a password protected and encrypted information laptop was stolen containing the PII of approximately 502 Michigan residents. This information was also reported to the police, the three major credit reporting agencies (TransUnion, Experian, and Equifax), along with notification to be sent to members who may be affected - to be mailed to them - during the week of 7-21-2008. To date, there is no evidence to suggest that the stolen information led to any identity theft, however, several measures have been taken to mitigate the risk including (a) additional enhanced security measures at the company, (b) additional quality controls, (c) Equifax monitoring for one year, (d) information provided to alleged clients of enrollment information, fraud alerts, and security freezes, and how to obtain a free credit report in their efforts to avoid similar incidents in the future.

l BQESCH LiS¤A·l·*l¢>i A rit es _ VICE PRESIDENT " C”’”P“"‘“ Aivb ornrimt counsrt July 2‘l, 2008 ` Q _ ECeivg Attorney General Mike Cox JU Office of the Attorney General L 2 5 » G. ll/lennen Willia...