No Good Deed.
However I 'fat-fingered-it' (mistyped it) and got a client for whom I should not be authorized to see.
To make matters worse, I merely copied the url for the site I should not have visited, then went into a different browser and was able to go directly to the confidential data.
I reported my access to the one person who could pass it up the line, and quickly learned that the top management would 'shoot the messenger' of anyone providing proof of their incompetence.
Apparently the director of Information Systems for this outfit just got a big raise, was spending a lot of money on changing the system, but really did not know what he was doing.
At the point, I decided to just keep my mouth shut. The little 'change the number on the url' trick works at a lot of webpages. It is not hacking, it is just being able to post the exact web address that the server is waiting to take care of.