Who should i contact?

[<screwedbytaxes () hushmail com>]

Hello all,

The recent thread on the exposed data containing hospital records 
made me think to ask something here.

I have recently received spam to several email addresses created 
explicitly and solely for filing my US federal taxes online through 
an internet tax filing system. The emails I received are tied to 
four separate filings by four separate people on a COMPLETELY 
unrelated subject through an IP address managed by a completely 
different person than the entity that these addresses were given 
to.

I've already asked the tax filing company for more information 
about any breaches they may have suffered and what other 
information may have been exposed. They asked for the source 
emails, which I provided, and I have not heard back. This was over 
a week ago.

What should I do? What would you do?

I'm not up on current legislation (I'm a part-time security guy), 
but would this fall under HIPAA (one of the people filing is 
disabled, that data was included on the online form), Sarbanes 
Oxley, GLBA, California Breach Act (I'm in CA)... or anything else?

Since it looks like they're not going to even respond to me, I'd 
like to nail them to the wall.

Thanks



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/