In cases where the casino may get hacked and kyc documents stolen, in most cases, we can't completely put all the blame them because believe it or not, every business sometimes go through issues no matter the type of issue.
As long as the casinos follow the proper data protection measures required by regulators, they can’t be blamed. But if they don’t, then they should face complaints and possible lawsuits. This is part of the risk we take when entrusting them with our data through KYC requirements. To minimize that risk, we have to be selective in choosing the right casino to play with, and that is to stick to reputable ones, as they usually have stronger security measures in place.
In my opinion, factors such as hacking of personal data bases by hackers and the non-zero probability of theft of databases by trusted or offended employees make it so that the personal data of almost any casino can end up in the public domain. And this does not depend on how seriously the security measures for storing personal data requested by the casino as part of the KYC verification procedure are organized.
In principle, there can be no serious guarantees of the security of personal data even in the most famous and largest casinos. They are attacked more often than those small casinos that are of almost no interest to anyone.