by anonymouskimmer 1217 days ago
I would try reporting it to the company, maybe also the FBI or FTC, or if you aren't too comfortable contacting them, you can try also contacting someone like Brian Krebs who presumably knows who to contact about data leaks of this nature. (Krebs' contact form: https://krebsonsecurity.com/about/ )
4 comments

Please do not ever communicate directly with anyone from a federal law enforcement agency. Only talk to them through an attorney. They are most definitely not on your side.
I can second this. My attorney says I can't talk much more about it.
The guy is from Canada.
Very much doubt that's going to stop US law enforcement. They go after people all over the world. And if they really want you and your country has an extradition treaty it tends to favour the US side.
I'm not really sure what your point is. Because they're Canadian, they can't make a call to the FBI? They're Canadian, so they should report to a Canadian authority about US citizen data? They're Canadian, so they're funny and this is a joke?
First I wrote: I would try reporting it to the company, maybe also the FBI or FTC

Response was: Please do not ever communicate directly with anyone from a federal law enforcement agency. Only talk to them through an attorney. They are most definitely not on your side.

Then I wrote in response: The guy is from Canada.

So all three of your guesses are wrong. I'm stating that a Canadian has much less to worry about (compared to a US citizen) when contacting a US law enforcement agency about a compromise in the security of a US company that impacts multiple US states.

You could also check https://iapp.org/resources/article/state-data-breach-notific... and report it to state authorities in the relevant states (whichever you think those are). These notifications are usually supposed to be made by the company responsible for the data breach, but I imagine some of the state authorities would be interested to get a third-party report too.
Unfortunately, Brian Krebs did not answer for a week. Started thinking a data leak is not a super interesting topic for professionals. It happens every week, so my discovery is just another data leak.
There are so many possible bad outcomes that can result from these options. Not a good idea at all imho.