How do I inform a company I found a leaked database of theirs on the Internet?


Recently I found a leaked database of a company and I do not know how to go about contacting the company. It is so weird because I cannot find any type of Information Security contact email to report this to. It just has a support email. I feel uncomfortable sending the link to the support email.

Should I ask for an Information Security email contact from that company or what should I do? By the way, the support email for the company is more of a fraud or customer support email not a technical support or security.

Also, what would be a good template to follow to give the best insight of the leaked database?