Unbelievable. When I was a director of an exchange in 2013, one of the first security policies I set up was: -Once KYC/AML was approved it was printed out. -One copy went to a fireproof filing cabinet at main office with the compliance lead. -One copy went to secure offsite records storage with Iron Mountain. -Digital copies were batched weekly to an airgapped offline server. -All access went through senior compliance team members. Coinbase’s disclosure here focuses on the stolen funds. But that’s irrelevant. They got physical addresses, and government IDs. Things you can’t change, and things that put customers at physical risk. No element of KYC/AML policy requires this kind of stuff to be accessible to your customer support agents. I don’t want to hear about what Coinbase is doing to recover funds - I want to hear what they are doing to better deal with private data. And why a 60B company, had such rubbish data policies when they can easily afford to hire top class talent?