1) That specific value is a number
No, it's not. Don't take my word for it: play with SQL and realise that NULL doesn't behave like a number when used in operations and functions.
2) It's not always unambiguous, hence this story.
It's definitely unambiguous. Again, don't take my word for it, take e.g. a TINYINT and try to figure out which of its possible values is ambiguous with NULL. (Read: SELECT x = NULL results in True, hint: there is no such value).
The story is *not* about NULL having an ambiguous representation: it's about the programmer *not* using NULL to represent the concept of "missing information" (which is exactly why it exists in SQL) and instead (ab)using a specific numerical value.
Hint: the specific internal representation is absolutely irrelevant in the context of the discussion: the point is that whatever representation is used for NULL, it's a different representation from any other valid value. Yes, this means that e.g. if you have in-DB a nullable TINYINT (1 byte number), you have *more* information than what is representable in a C or Java variable of type 'byte' (primitive).
How you'll need to define your programming data model to accurately map all informations you read from the DB is a completely different issue and doesn't change the fact that the DB *does* provide a specific value which represent unambiguously the concept "information is unknown".
If you are not knowledgeable enough, trusting a representative is the quick, simple and wrong solution. The correct solution is to educate yourself so that you can form an educated opinion on the matter. Not being knowledgeable enough is not some immutable condition and you need to form your educated opinion anyway even with representatives, otherwise you wouldn't be able to effectively evaluate whether a they are good or bad.
This is especially true since on most issue there is actually a pretty good agreement about how society should look like, but diametrically opposite theories about how to actually reach that.
No, we didn’t notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?"
They assume only DataBreach has the data, which is something they actually don't know for sure. On top of that, they assume that DataBreach will not publish the data or sell it to the black market. I believe they will not, but if you are responsible for personal informations and the data gets into the hands of a third party you cannot just assume the third party will behave the way most convenient for you just because the alternative makes you unconfortable.
Work without a vision is slavery, Vision without work is a pipe dream, But vision with work is the hope of the world.