Once the attacker is identified, will you lay it all out to the DoJ so they can bring action under the Computer Fraud & Abuse Act or will you just attend to it "in your own way"?
Would welcome seeing these bad actors publicly called out & prosecuted for their behavior.