Calling BS on that story. You don't need to fire anyone. You just rate limit access to lookups where the customer didn't initiate a support call themselves, and require supervisor approval and audit of said approvals on a regular basis. I've also worked on systems where accounts could be marked as sensitive (e.g. the celebrities) and those needed additional sign off to be accessed.

I’ve worked in systems like that too.

I can tell you exactly how much privacy the celebrities got. There is no record of the sharing or the breaches.