I don't understand why so many IT centric organisations including banks, telcos etc store ID card information as clear text records which are visible to anyone?
Would it not make sense to hash them and anyone who wants to verify a customer's ID number would enter that number and receive a verified / not verified response from the backend?
https://news.rthk.hk/rthk/en/compone...0-20201009.htmChan's convicted of using his company’s computer from July to September last year to obtain a customer's information, and made them public on social media during the protests.
The information in question included the officer's phone number and Hong Kong ID card number.