As a security researcher, I have become familiar with different related tools and software packages.
The other day, I opened up one of those software packages and was attempting to attack a personal wifi network with a WPS attack to asses the usefulness of the software.
I clicked the Start option and then let it run. Long story short, I selected a neighboring business's wireless network and not my intended network.
I will not disclose any information publicly and erased the data immediately, but I would like to approach the business and discuss this vulnerability.
Considering I did not have permission to run the test, but I would like to responsibly disclose my findings to those affected.. I am not asking for legal advice on here, but should I be finding a lawyer first? Is a standard NDA the accepted standard here? I know the approach is important, so how would I go about assuring my safety too?