Author: thomasl

Last week I found a data breach in a large companies website, exposing over 2 million customer records (name, address, email, phone number) It's always a though choice, do I call it in and risk getting sued, or leave it? Since this was quite a big leak, which I more or less stumbled upon (think in the lines of 'this looks odd, what happens if I try and change this') , I just went ahead and stated my intensions very clearly in my messages, and hoped they would see it would benefit them to use my report, and fix the problem as soon as possible.

Last week I found a data breach in a large companies website, exposing over 2 million customer records (name, address, email, phone number) It's always a though choice, do I call it in and risk getting sued, or leave it? Since this was quite a big leak, which I more or less stumbled upon (think in the lines of 'this looks odd, what happens if I try and change this') , I just went ahead and stated my intensions very clearly in my messages, and hoped they would see it would benefit them to use my report, and fix the problem as soon as possible.