
Ask HN: A Big Company was hacked, they won't admit it. What can I do? - Mandatum
A long time ago I submitted a custom e-mail address to a VERY large organisation for an in-store discount. Now, several months later I&#x27;ve begun receiving 419 scams and fake invoice phishing emails.<p>This is an address that you really can&#x27;t just guess.. And it&#x27;s the only address I&#x27;m receiving them on.<p>The company will not admit they&#x27;ve been breached. Nor will they tell me which parties my information has been supplied to.<p>Just as well I can block all emails being sent to that address now.. The exact reason I set it up this way.<p>I can confirm with friends who also signed up that they&#x27;ve started receiving the same emails.<p>Here&#x27;s the kicker. It&#x27;s illegal for them not to notify us of a breach in this country (Australia).<p>What can I do?
======
DanBC
Tell the regulator. I assume there is a regulator if it's illegal for the
company to not tell you about a data breach?

------
gshdg
BigCo may not have been hacked. Could also be that they sold your data. Either
to someone unethical or to someone who resold it or to someone who got hacked.

------
jlgaddis
Sending an e-mail to Krebs with all the details sounds like a good first step.

------
clouddrover
Gather as much detail as you can and tell a journalist. Sunlight is the best
disinfectant.

