Re: Knock, knock. Who's there? No one.

["Al Mac Wow" <macwheel99 () wowway com>]

In situations like this, where a reasonable effort has been made to inform
some organization that they have a live breach, and there is uncertainty
whether the info is getting thru to the responsible parties, what is the
next civilized step?

Send a communication to senior law enforcement or attorney general for the
state, about the nature of the breach, the institution involved, the fact
that there has been an unsuccessful effort to bring it to the attention of
the appropriate authorities there, introductory info about the organization
which discovered the problem.  Cite whatever state breach laws, and federal
regulations appear to be violated, if the breached institution cannot fix
this.

If this is one of the states where such breaches are not yet of interest to
state authorities, then send the communication to relevant federal
authorities.

Send a copy of your communication to the CEO of the breached institution,
via snail mail to the address of the breached institution.  If you can find
what lawyer firm they use, also send copy to them, pointing out that when
this kind of thing has happened at other institutions, and not rapidly
fixed, it has often led to multi-million $ law suit settlements.

The person without the e-mail link could be prison labor, or on a computer
system not connected to the Internet (many do exist).

Al Mac (WOW) = Alister William Macintyre
day job = www.kewire.com Lawrenceville Il (near Vincennes In) via VPN/400
(our division dates back to 1955)
2013 Feb I become temporarily famous:
http://cryptome.org/2013/02/drone-nations.htm
-----Original Message-----
From: dataloss-discuss-bounces () datalossdb org
[mailto:dataloss-discuss-bounces () datalossdb org] On Behalf Of Jake Kouns
Sent: Saturday, February 23, 2013 11:53 AM
To: dataloss () datalossdb org; dataloss-discuss () datalossdb org
Subject: [Dataloss-discuss] Knock, knock. Who's there? No one.

http://datalossdb.org/incident_highlights/57-knock-knock-who-s-there-no-one

<snip>

<<attachment: winmail.dat>>

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.