Oh god that’s pretty bad

> The documents were hosted by systems used by cannabis clubs and a company called Nefos, which operates PuffPal, a platform that manages membership and age verification for cannabis retailers and clubs across Europe. The infrastructure storing these identity documents—full passport scans, driver’s licenses with photos, names, and identifying numbers—was left completely unprotected on publicly accessible web servers.

I cannot imagine the level of fines under GDPR for leaking that much PII

▲

real_chudson 12 hours ago | parent [-]

The EU's verification laws will ensure much more of these leaks in the future, and therefore much more fines

	▲	Kuinox 11 hours ago \| parent \| next [-]
		How so, are you purely speculating or you found a hole in the zero knowledge proof system some countries are implementing ?
	▲	forestry 10 hours ago \| parent \| prev \| next [-]
		Is it requirement to retain the documents? Many are waiting for gatekeeper tech companies to organise around attestation rather than submission to third parties. I hope they are making progress.
	▲	dgellow 11 hours ago \| parent \| prev [-]
		Yep… not sure about more fines, but for sure more leaks