I work as an engineer for a company that assigns me to various client projects. For one such assignment, I was added to a project that wouldn’t...
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/maliciouscompliance by /u/barthem on 2025-05-12 15:12:24+00:00.

I work as an engineer for a company that assigns me to various client projects. For one such assignment, I was added to a project that wouldn’t start for a few weeks, so in the meantime I stayed focused on other ongoing work. A few days before the project was due to begin, the external project lead sent me a ZIP file containing technical documentation: diagrams, requirements, and other materials relevant to the upcoming project. I skimmed through it briefly, then moved on with my day. Nothing unusual.

A couple of days later, I got an email from the external company’s scheduling manager saying that “a document” had been sent to me which apparently contained some confidential company information, and asking me to delete the email. That’s it. No file name, no explanation, just a vague “please delete it.” I shrugged, deleted the ZIP file, and replied asking if they could resend it without the problematic part. Then I forgot all about it.

That is, until I got a call from the most condescending, passive-aggressive person I’ve ever dealt witt, the scheduling manager from the client’s side. She went on a 30-minute tirade about how the previous project lead never should’ve sent me that document, how serious the situation was, and, most memorably, how she couldn’t trust that I had actually deleted it. I quote:

“I can’t just take your word for it. I’m not just going to trust you because you say so.”

Right. So at that point, I figured: Im done with you, If you’re going to act like I’ve just been handed nuclear launch codes, then I’ll treat it like I’ve just been handed nuclear launch codes.

I said, “You’re absolutely right. I’ll contact our Security Operations team and report a formal security incident. They can coordinate with your SecOps team, and together we can do a full scrub of all relevant mail servers to ensure the document is completely gone. It’s really the only way to be certain.”

Suddenly, her entire tone changed. “Oh no no no, that won’t be necessary. It’s fine, I believe you!”

She practically stumbled over herself trying to shut it down. Because escalating this to both companies’ SecOps teams would’ve turned it into a bureaucratic nightmare: incident reports, compliance reviews, and probably someone getting thrown under the bus.

I politely reiterated that I really didn’t mind escalating it if it would give her peace of mind. She very quickly decided she had enough peace already. We ended the call, and life moved on.

if you act like I’ve compromised national security, don’t be shocked when I offer to treat it like a national security incident.