Depending on what specific data is exposed my understanding is mandatory reporting is required. If for example contact details etc are in public view this would meet reporting criteria. Needs to be reported or discussed with more than the company CEO.
Bookmarks