This is one of the risk using KYC verification method in everything.If they can make sure that the database is safe and secure,it's no problem,but if it's easy to be hacked,who should the people trust? With just social engineering technique,the hacker can stole the database from the people who responsible to manage it.