My understanding was that KYC data was usually done by a third party and kept separate.
Even if done in house, I would expect that Coinbase would be required to handle this data with scrutiny and a lot of auditing.
So then I strongly wonder why this data was able to be extracted through social engineering.
Incentives. If the access exists (and I believe it might have, especially if the contractors were the 3rd party kyc firm involved), it can be bought.
KYC itself should be a crime. Getting hacked should be a second crime.
I do like the idea that companies should be held more liable for hacks.
I feel like they get reported, but severely downplayed. We rarely see the side effects reported on and we never see it linked to leaks.
There are so many leaks, there must be so many victims, why are they all invisible?
