In the case of a security breach disclosure, it's crucial to follow proper protocol to handle sensitive information responsibly:

Ignore the messages: Not appropriate as it disregards the potential impact and severity of the breach.

Remove the colleague and ask members to delete the messages: While it might limit the spread of the information, it doesn't address the breach reporting requirement.

Message the colleague privately: Might help in immediate removal of messages but does not follow the proper chain of command and reporting protocols.

Contact the supervisor: The correct action, as it ensures that the incident is handled by higher authorities who can take appropriate measures. Reporting with screenshots ensures that there is evidence of the disclosure.