So I've gradually opened up about this as the risk has decreased, but I think it's time I can publicly share something that happened to me this year:
I was part of an investigation into a possible violation of the CFAA. Or, more accurately, I was being investigated as a suspect.
TL;DR: I ethically disclosed an security vulnerability - SQLi leading to account info, plaintext passwords. That same issue was, according to the investigators, abused by someone (possibly me, they thought).
Taking the "Twitter" out of "InfoSec Twitter."