CheeseBadger

Just as a follow-up to this: I already had the name of the Head of IT, and I managed to locate his email address as the DNS admin contact. I sent him an email to tell him what I'd found, but without going into specifics. He replied, and I then phoned via the main office number and asked to be put through to him to discuss what I'd discovered. He seemed appreciative and thanked me for letting him know. We didn't discuss the job application any further, and I didn't want to push the issue.

Morning all, long time lurker and all that... I've got a bit of a situation and I'm curious to get opinions on how to deal with it: I'm currently a network admin for a large enterprise network. I'm responsible for LAN/WAN, firewalls and ever more increasingly, security work. I've always had an interest in security and I've been lucky that I've been able to legitimately incorporate elements of it into my role. HOWEVER, I'm currently job hunting, looking for a skill/responsibility/salary increase... I've recently applied for a job that is pretty similar to my own, but with more responsibility, and it sounds like a greater emphasis on InfoSec work. Whilst I've been Googling the company in question to try and find out more about them, I've happened across documents that would constitute (under UK law) a breech of the Data Protection Act. I hasten to add that these documents were found with nothing more than Google and some targeted searching - an employee has been using a website that allows company documents to be uploaded, but they are not in any way protected from public viewing. I have not mentioned or passed this on to anyone else, but it includes names, addresses, phone numbers, emails and financials. The flipside of that, is that the employee responsible is easily identifiable, and could potentially wind up in a whole boatful of trouble. What would you do about it? As a non-employee, would you even bother bringing it to their attention, or just keep quiet instead? Or sit on it in the hope of being invited to interview and being able to present it as an example of why they need my skills? Or just contact the current IT manager and bring it to his attention in the hope of prompting an interview? I'm not interested in disclosing it to the world and prompting a sh*tstorm, but regardless of whether I ever even get the job, it is something that should really NOT be in the public domain. All thoughts appreciated.