No matter how you look at it, there is always a risk that your data will be leaked. I don't know if online casinos store such data themselves or outsource this job to other companies, but if they do the latter, the risk is even greater. In general, when it comes to client data, I don't understand why it's not approached in a way that protects such data in the most accessible way possible, which means that it be encrypted and accessible to a very limited number of people, none of whom can access it themselves.

Trust is usually built up over a long period of time and is lost very quickly in the event of a data leak, so all companies should make maximum efforts to protect such data at all costs.