[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200607051406.k65E6xmt054101@mailserver3.hushmail.com>
Date: Wed Jul 5 15:12:23 2006
From: screwedbytaxes at hushmail.com (screwedbytaxes@...hmail.com)
Subject: Re: Who should i contact?
Answers to clarify the situation:
# It's not H&R Block.
# I have checked the privacy policy and they explicitly assert that
they will never share the email address for **any** reason with
**any** party. Email address is to be used ONLY for filing taxes.
# The system that was used for taxes was specifically built for
that specific tax season, and it was wiped (zeroes) and rebuilt two
weeks later. It was not used for any other applications. It never
saw ANY other networking or websites than simply filing taxes. Data
was burned to disk afterwards and remains stored in a safe. This
computer sat behind a firewall in a DMZ blocked even from the rest
of the network. IIRC, this was also THREE years ago, and Bagle has
only been around about two.
# While the addresses are not "random-proof", please explain how
else these FOUR email addresses were specifically "randomly"
generated and spammed within 72 hours of each other from the same
IP address that sent no other spam to any other address on the
server. One, sure. Two, big maybe. Three, very very unlikely. Four?
Hell no.
# As for email, the only email these addresses have ever received
were confirmations of the original filing (2 each, from the period
of original filing) and then two promotional emails (for the tax
service) last year and again this year. Granted, these messages
introduce at least the potential for exploitation on my side, but
again, JUST the tax-related address? I use over 100 email
legitimate addresses, more than 40 of them on a given day, my other
email addresses are plastered EVERYWHERE online. But NONE of those
addresses were spammed by that IP, and these four, ALL tied to this
one tax company, were? No way in hell is that a coincidence.
But more importantly, this is NOT about the spam. Sure, I'm upset -
companies that pull that suck, but I don't really care about the
spam. The spam is just a symptom of data being shared or exposed in
violation of their privacy policy (we chose this company with their
privacy policy in mind). I *do* care that the /rest/ of my data was
likely lifted as well. I want to know if that was the case and if
they have any hope or intent of doing anything about it.
Frankly, I don't think they care. If they did, they wouldn't put me
in a position where I have to drag this into the media or a court
just to get a simple answer.
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
Powered by blists - more mailing lists