It’s an insanely hard problem to solve too. In theory, security teams can monitor for this sort of thing, but the problem is identifying if a customer service rep accessing the data is legitimate or not. Compounded by that, getting access controls right is incredibly difficult at scale.