Data Loss – The former contractor has published the company's source code and secrets online


I just found my current company code on the Internet.

We're talking about hundreds of thousands of lines of scripts and configurations, including database schemas and a fair amount of internal information. Looks like an archive of some projects, all linked to one file.

I have not had time to go through everything yet. The quick search for exposed databases and credentials indicates other missing files / features.

This seems to be the personal website of a contractor who worked here 5 years ago.

1 hour later: Found confidential information of each company for which the guy has worked in the last 2 decades, mainly F500: huge national bank, postal service, large electronics manufacturer, general electrics …

Mix of code, configuration, notes, and seemingly console input logs. No idea why a guy would keylog himself, let alone post it on the internet, that's really weird.

It is a treasury. There are references to all types of internals with sometimes username and password. FTP access to production server. SSH access to God knows what, even with the unique RSA token number that was used when it was 2FA protected.

What can you do about it and who can you turn to? Cyber? Legal? FBI? SEC? Other? Any combination of these?