I did not read the entire thread but I did read the first few pages. All I can say is wow! How did all this happen? I will say that from an IT and Security perspective, unauthorized access of a server regardless if it was already open or not is a serious offense, especially if the data is taken and distributed out. I do not know all details so I am not going to say anything more except that even if an employee of the company gained unauthorized access to data and then distributed it out publicly, that would result in serious penalties under the law. In my previous position we as employees had to sign off on various security compliance statements including misuse of IT resources and information. I sincerely hope that this ends well for all involved. Is the trial actually scheduled for 2013?