Whilst they presumably aren't going to get a whistleblowing award as they did the hack, I wonder if there's an opportunity to make money by scanning the darkweb for material being sold that's been hacked from public companies, seeing if its been reported and making a complaint if not.