Found a hole on the site with personal data. What to do?

T

Timur Yakhin2014-09-03 15:49:09

Information Security

Timur Yakhin, 2014-09-03 15:49:09

On one site of the regional transport company N there is a service for selling tickets via the Internet.
For boarding transport, an identity document (most often a passport) is used.
It so happened that I found a way to receive receipts for sold tickets with passport data, full name, time / direction of the trip.
The site was made to order by a third-party company M. Out of solidarity with the developers, I first wrote to company M, reporting a hole in their client's site, but without giving details, I left contact details. There was no answer. Then I wrote directly to company N and told them the same thing. There was also no answer. The letters were duplicated twice.
It's already the 2nd month since my first appeal, there are no answers, there is still a hole on the site (after one of the updates, it even began to work better).
Tell me what should I do? Continue to write, try to call, tell somewhere "where to go", or score and just not buy tickets via the Internet?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

3

386DX, 2014-09-03
@temoffey

Nothing, delete all traces on your computer and forget it.

S

SilentFl, 2014-09-03
@SilentFl

You can write to Roskomnadzor , but they move badly through the site, you can apply in writing to their territorial administration (they will move faster), plus write a statement to the prosecutor's office

C

Copperfield, 2014-09-03
@Copperfield

Write an article on Habr about how I got access to the ~~photos of stars~~ to the personal data of the transport company N.