As a follow-up to the incident reported here, a Culpeper resident wrote a letter to the editor of their local paper that provides a bit more information on the breach and the position of the town in terms of its responsibility — or lack of responsibility — to provide any free credit monitoring.
According to a letter published in the Culpeper Star-Exponent, the town manager allegedly wrote that neither the town nor its vendor were responsible for the breach because the breach was the result of a criminal act and was not the result of negligence on the part of the town or their vendor. The letter goes on to say that the town’s attorney informed the writer that the data breach was due to the previously unnamed vendor, Capital Software Inc., being hacked.
So if it’s a hack, no one’s responsible for providing free credit monitoring services? What world are the Culpeper town manager and attorney living in?