This was a mistake and I'm sure that Brownell's, being a responsible company, is taking this seriously. There is a big difference between a mistake and hackers getting into "secure" areas to obtain personal data. My data has been compromised. The feds and private companies have been hacked and my information is at risk. Unfortunately since getting into data bases is like mining for gold for criminals, there will always be someone trying to illegally obtain the information. Of course, trying to keep them out has created an industry all its own. My point is that one is a mistake and another a criminal activity. I'm sure that you weren't the first person to call Brownells to advise them of the mistake. Just because the CSR sounded casual, doesn't mean that the company doesn't care or isn't taking corrective action. It probably means that the CSR has already repeatedly heard about the problem from previous customers' calls and also has heard a lot from his/ her superiors at the company. Now lets let a company, friendly to shooters and gunsmiths for many decades, get back to helping us.Dealing with IT all the time as well as certain regulated industries, makes you very aware of Privacy Information protection.
I was polite, and didn't pursue the CSR beyond getting some kind of answer about notifications. I don't think I over reacted at all. However, I do want them aware that it is a problem. Where exactly do you think I overreacted?
Are you okay with other info that has been released in similar ways fairly recently, such as lists of names of everyone that has an LTCH for example, and things like that?
Again, It's not like I demanded anything, or got rude with the CSR (at least don't think I did).