by fish_fan 3180 days ago
My issue is not that they had the vulnerability, but that the vulnerability allowed full access to social security numbers and it wasn't even the "critical" database!

You can take proactive efforts to minimize the risk of breaches; they appeared to store large amounts of unencrypted (or encrypted in aggregate) personally identifiable information together and allowed a single Struts vulnerability unfettered access.

For instance, one could not duplicate social security numbers, or could allow you to encrypt your data so you need to provide a key for others to access it. The possibilities are endless.

1 comments

My design would be a ZeroMQ message bus between the database server and the application server. Social Security numbers shouldn't need to be displayed to the user (as they should already know it), thus all the message bus should be carrying is "it matches" or "it doesn't match" regarding them.
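An added example (not the commenter's code) of the match/no-match verification service this reply describes: the application side never reads the SSN table and only ever receives a boolean. The ZeroMQ transport is replaced by an in-process request/reply pair so it runs stand-alone; the pepper, account ids and SSNs are constructed values.

```python
import hashlib
import hmac
import json
import secrets

# Constructed secret "pepper" held only by the verification service (assumption:
# in a real deployment it lives in a KMS/HSM, never on the application server).
PEPPER = secrets.token_bytes(32)


def normalize_ssn(ssn: str) -> str:
    """Strip formatting so '123-45-6789' and '123456789' compare equal."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return digits


def ssn_tag(ssn: str) -> bytes:
    """Keyed hash of the SSN. Without PEPPER, someone who dumps the table
    cannot brute-force the ~10^9 possible SSNs offline."""
    return hmac.new(PEPPER, normalize_ssn(ssn).encode(), hashlib.sha256).digest()


# Constructed sample store: it holds only tags, never the SSN itself.
SSN_STORE = {
    "acct-1001": ssn_tag("123-45-6789"),
    "acct-1002": ssn_tag("987-65-4321"),
}


def handle_request(raw: bytes) -> bytes:
    """Service side of the request/reply: answers only match / no match."""
    req = json.loads(raw)
    stored = SSN_STORE.get(req["account"])
    try:
        candidate = ssn_tag(req["ssn"])
    except ValueError:
        return json.dumps({"match": False}).encode()
    # Same reply for an unknown account and a wrong SSN; constant-time compare.
    ok = stored is not None and hmac.compare_digest(stored, candidate)
    return json.dumps({"match": ok}).encode()


def verify_ssn(account: str, ssn: str) -> bool:
    """Application side: sends the candidate, gets back a boolean only."""
    request = json.dumps({"account": account, "ssn": ssn}).encode()
    return json.loads(handle_request(request))["match"]
```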