Do nothing. Are your emails random-proof? Can you guarantee a simple algorithm can't generate such emails? Are they +20 chars long, like
1212dfdfdnere0-psankdncxzcoxzicczppp-a at hotmail.com ? If they aren't, sorry, but any script kiddie can create a perl script to generate your "secret" address. On Wed, 05 Jul 2006 01:09:06 -0700 <[EMAIL PROTECTED]> wrote: s> Hello all, s> s> The recent thread on the exposed data containing hospital records s> made me think to ask something here. s> s> I have recently received spam to several email addresses created s> explicitly and solely for filing my US federal taxes online through s> an internet tax filing system. The emails I received are tied to s> four separate filings by four separate people on a COMPLETELY s> unrelated subject through an IP address managed by a completely s> different person than the entity that these addresses were given s> to. s> s> I've already asked the tax filing company for more information s> about any breaches they may have suffered and what other s> information may have been exposed. They asked for the source s> emails, which I provided, and I have not heard back. This was over s> a week ago. s> s> What should I do? What would you do? s> s> I'm not up on current legislation (I'm a part-time security guy), s> but would this fall under HIPAA (one of the people filing is s> disabled, that data was included on the online form), Sarbanes s> Oxley, GLBA, California Breach Act (I'm in CA)... or anything else? s> s> Since it looks like they're not going to even respond to me, I'd s> like to nail them to the wall. s> s> Thanks s> s> s> s> Concerned about your privacy? Instantly send FREE secure email, no account required s> http://www.hushmail.com/send?l=480 s> s> Get the best prices on SSL certificates from Hushmail s> https://www.hushssl.com?l=485 s> s> _______________________________________________ s> Full-Disclosure - We believe in it. s> Charter: http://lists.grok.org.uk/full-disclosure-charter.html s> Hosted and sponsored by Secunia - http://secunia.com/ s> year(now) + 1 serĂ¡ o ano do linux! Cardoso <[EMAIL PROTECTED]> - SkypeIn: (11) 3711-2466 / (41) 3941-5299 vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
