logoalt Hacker News

dgellowlast Sunday at 7:51 PM3 repliesview on HN

Oh god that’s pretty bad

> The documents were hosted by systems used by cannabis clubs and a company called Nefos, which operates PuffPal, a platform that manages membership and age verification for cannabis retailers and clubs across Europe. The infrastructure storing these identity documents—full passport scans, driver’s licenses with photos, names, and identifying numbers—was left completely unprotected on publicly accessible web servers.

I cannot imagine the level of fines under GDPR for leaking that much PII


Replies

real_chudsonlast Sunday at 8:51 PM

The EU's verification laws will ensure much more of these leaks in the future, and therefore much more fines

show 5 replies
hahahaayesterday at 2:31 AM

Why can't verification simply be go to post office, clerk will affadavit that you presented correct ID via online form. Which could also do the photo lookup for good measure.

Store that fact in the computer. Good for one ID usage. Good for less critical stuff like this weed thing (versus say a visa application which may need to store).

The analogy is a nightclub bouncer checks your ID.

show 1 reply
voakbasdalast Monday at 9:25 PM

Show me the consequences. I hear there are supposed to be repercussions, but these asshats never seem to pay for their crimes.