How do I inform a company I found a leaked database of theirs on the Internet?

Recently I found a leaked database of a company and I do not know how to go about contacting the company. It is so weird because I cannot find any type of Information Security contact email to report this to. It just has a support email. I feel uncomfortable sending the link to the support email.

Should I ask for an Information Security email contact from that company or what should I do? By the way, the support email for the company is more of a fraud or customer support email not a technical support or security.

Also, what would be a good template to follow to give the best insight of the leaked database?

Bizarre email sent from spam email address with contact details of someone I know and a friend of their’s in it

Someone I know (call them Darren Smith) recently received a rather odd email. It was sent to their personal email address, emailaddresswithnonameinit@emailprovider.com. The “From” field had “Darren Smith” as the name in it, but the actual email address was ninerandomlettersandnumbers@differentemailprovider.com.

The text of the email is this:

NameOfDarren'sFriend, Are you free at the moment?  Regards, Darren Smith 

I have no idea what this could be, how whatever this is got the name of the person Darren knows, or how it got Darren’s original email address. Anyone have any insight as to what sort of attack this is, and what steps should be taken now?