KYC might have its function explicitly defined but when it becomes compromised, it then makes even the initial purpose of it not interesting anymore. Data breach in a company that holds large amount of personal information of their customers is very dangerous and if such happens, companies will have to face the consequences of allowing a data breach into people’s personal data that is suppose to be accessible to only the company for prevention against money laundering and making sure of compliance with the regulations. They need to protect people’s data by all means and for their own integrity also as a reliable company where personal data is saved with.
If any site that takes KYC documents and sells the document to another party, then howcan to identify that if they do not disclose and/or if they do not mention about the data breach. As the data can be shared from various sites, we usually use various types of websites each day.
Customer will not know if their documents has ben sold to other parties. If the stealer don't make it public, I mean he is not sell in public, no one will know. But usually, the stealer will sell in an underground forum and some of them will tell from where the document come from but other will keep it secret.
It is like you get an offers via SMS from many parties. They get the data from the marketing and they are sharing their customer data to others by selling it or give it. It is why we as a customer must be selective choosing the site where we want to KYC. That will prevent the data breach that may happen on that site.