[greedy_buffer]

While this may be a serious problem it doesn't actually seem relevant to this breach - if a CRA has an incident of this severity, most ID schemes are still going to end up with a pretty large leak of PII that can be traced back to the individuals involved.

[rando444]

The point your parent is making is that in the US this information can be used to impersonate people.

In countries with modern identity solutions, this is not possible.

[asdfasgasdgasdg]

What is required to impersonate someone in, e.g., Belgium or Switzerland? To get a credit card or something, I mean.

[JaRail]

Not from either of those countries but I was curious.

https://www.gemalto.com/govt/customer-cases/belgium

Belgium has a digital ID card. It's a smart card that contains fingerprint info. So you can put the card in a fingerprint reader to verify you match the card. Cryptographically secure so you can only get them from the government. Second, they have an online identification service and mobile app that can be used to verify your identity to banks online. There's also an under 12 kids version of the card that includes emergency contact info, etc.

Looking up info for Switzerland has a bit of a language barrier. It looks like it's still mostly just a national number similar to a SSN and national identification card. Documents from as far back as 2016 have their government planning a biometric id card and an electronic id. Some docs said they were aiming for a 2019 rollout but I couldn't find any recent updates.