Ask HN: A Big Company was hacked, they won't admit it. What can I do?

6 points by Mandatum ↗ HN
A long time ago I submitted a custom e-mail address to a VERY large organisation for an in-store discount. Now, several months later I've begun receiving 419 scams and fake invoice phishing emails.

This is an address that you really can't just guess.. And it's the only address I'm receiving them on.

The company will not admit they've been breached. Nor will they tell me which parties my information has been supplied to.

Just as well I can block all emails being sent to that address now.. The exact reason I set it up this way.

I can confirm with friends who also signed up that they've started receiving the same emails.

Here's the kicker. It's illegal for them not to notify us of a breach in this country (Australia).

What can I do?

4 comments

[ 4.4 ms ] story [ 18.8 ms ] thread
Gather as much detail as you can and tell a journalist. Sunlight is the best disinfectant.
Tell the regulator. I assume there is a regulator if it's illegal for the company to not tell you about a data breach?
Sending an e-mail to Krebs with all the details sounds like a good first step.
BigCo may not have been hacked. Could also be that they sold your data. Either to someone unethical or to someone who resold it or to someone who got hacked.