Thank you for confirming that. I'm not trying to accuse anyone here, but from what I read online on this subject, a lot of the times it's not outside hackers who forced their way into a database, but some disgruntled kid with too much access, who just got canned from his job for watching porn on company time & machines, and decides to help himself to a nice "severance package" by making a copy of the clients' database and selling it online. No way to trace/detect that after the fact...