Yes indeed this is often the case in some companies, as has happened with Digitex (which has now deleted KYC after customer data has been leaked by ex-employees), outside of exchange, Amazon has also experienced the same thing where employees leak customer cell phone numbers and emails . Even though the perpetrator was fired, this did not save someone's privacy when it was leaked.