[pavel_lishin]

We don't actually know what happened here. It could have been just one founder doing something shady; it could have been a hack; it could be something we can't imagine yet.

Let's not break out the pitchforks until we know who to point them at.

[chris_wot]

Actually, I'm breaking out the pitchforks. One of the requirements for PCI compliance is that you do NOT hold credit card data for any longer than absolutely required. Given HomeJoy was not doing any more billing of credit cards, these should have been removed from their system.