Hello all,

The recent thread on the exposed data containing hospital records made me think to ask something here.

I have recently received spam to several email addresses created explicitly and solely for filing my US federal taxes online through an internet tax filing system. The emails I received are tied to four separate filings by four separate people on a COMPLETELY unrelated subject through an IP address managed by a completely different person than the entity that these addresses were given to.

I've already asked the tax filing company for more information about any breaches they may have suffered and what other information may have been exposed. They asked for the source emails, which I provided, and I have not heard back. This was over a week ago.

What should I do? What would you do? I'm not up on current legislation (I'm a part-time security guy), but would this fall under HIPAA (one of the people filing is disabled, that data was included on the online form), Sarbanes Oxley, GLBA, California Breach Act (I'm in CA)... or anything else?

Since it looks like they're not going to even respond to me, I'd like to nail them to the wall.

Thanks

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
