Basically I found a vulnerability by complete accident that gave me access to people's PII in an IRS authorized e-file app.

I disclosed the vulnerability to them, and they ignored me. I've made multiple attempts over the last several months. Even went as far as trying to find developers or owners or executives on LinkedIn and came up short.

What's next? I haven't found a way to report this to the IRS directly; everything seems focused on personal exposure. I want to make sure this gets addressed.

Anyone have any similar experience or advice?

Don't bother asking where or how; I won't be providing that information.

[dead]