An online business process software (ASP) inadvertently provided access to a non-authorized user. Confidential customer contact information was exposed to other unauthorized users. A regulatory investigation for a data privacy incident could lead to a fine or penalty. Private suit for loss of, or damage of, data settled for $875,000. Defense expenses incurred in excess of $275,000.