Disclosure
Many years ago I stumbled across a sqldump of a marketing database that included personal details (name, address, email, phone numbers were the most visible information) of many thousands of UK residents. This was on a subdomain with directory browsing enabled, and which had been indexed by Google! Lots of interesting marketing presentation stuff, there, but this stood out. An email to the company, actually to all of the admin accounts listed in that database, got a swift response from one of the company directors, and the entire subdomain disappeared within hours. At least I got a nice Thank You, amidst the shock and panic...