[Nextgrid]

Would a redacted document with just the number be enough? The government can still figure it out if there's an investigation, but at least leaks are somewhat contained; you can't do much with a passport number alone unless you have another leaked DB that maps these numbers to other details, and even then it slightly increases the effort required for someone to identify you (they can't just Ctrl+F your name in the data dump).

[teej]

As a cam site operator, you have a legal obligation to keep a record of their ID as proof of age. Keeping just the ID’s number isn’t sufficient.

Could they have firewalled the data better? Hell yeah, there’s a long list of ways this could have been done more responsibly.

I’m in the industry and we take the security of this data very seriously. Very few folks have access to IDs once age verification has happened.

[Nextgrid]

The problem is that anyone can claim they take security seriously (and I'm sure this site did as well), but as a user there's no way to tell whether it's actually true. There's also the risk that the data being secure now becomes less secure later on when the company decides to cut costs.

[teej]

Totally agree with you. I wish folks used better technical solutions that made a breach like this impossible. It’s the ethical thing to do - this breach will directly cause people to come to physical harm.

[sansnomme]

What about fintech KYC APIs? Are those sufficiently compliant?

[Nextgrid]

From reading the other comments my understanding is that you need to keep the document itself, where as most KYC companies will verify the document (and potentially other factors such as credit history) but then discard it and only give you a pass/fail status code.

[bostik]

This is correct. Fintech (and gambling, which I am intimately familiar with) companies are required to keep the submitted KYC documents on file for several years from the last customer interaction/activity.

You can't even delete dud uploads. If a customer is involved in fraud or money laundering investigation, every document they have ever uploaded is evidence. So is the type, time and timing of different uploads: in fact, the uploading of a bad document is itself a valid and potentially valuable data point. Multiple uploads in tight sequence with duds in the mix? Hello...

The submitted KYC documentation is TOXIC. It is essentially an archive to impersonate customers. Hell, I consider the material so dangerous that we built a dedicated protection system to guarantee the fraud potential of our archive would be seriously limited even if the whole archive leaked[0].

0: https://smarketshq.com/shields-up-on-user-information-b7093f...

[dragonwriter]

> Would a redacted document with just the number be enough?

Nope, in US law. Full copies are required of primary producers; redistributors are allowed to have copies with some redactions.