A company, Schemata, handling sensitive military data had no API authorization, allowing a low-privilege user to access users, organizations, and confidential training materials. The issue was fixed after 150 days of disclosure attempts, highlighting the importance of open disclosure channels and robust authorization testing.