During a penetration test, you uncover evidence that suggests an employee of the client company may be involved in illegally selling customer data. What is your immediate course of action following this discovery?
Ignore the evidence as it is outside the scope of the penetration test.
Confront the employee to gather more information before reporting.
Continue monitoring the employee's activities to collect additional evidence.
Immediately report the findings to the organization's point of contact.