Not at all surprising...
There is a reason that I built (And learned *how* to build.) my own system, which I know how to troubleshoot and fix if need be, and a reason that I'm running Ubuntu which I can also trouble shoot and fix if need be, thus eliminating the chance of someone lifting my personal info off of it.
I've known technicians who have worked at various repair shops, and according to them the first thing that they do when a new machine comes in, is to copy off any porn, music or movies you might be on there. [1] The ones I knew were ethical enough that they didn't record financial details, but as this report shows, there's no guarantee.
I've also heard personally from people who worked at a particular shop in the US, (Now long out of business, fortunately.) that the owner there made a practice of going through the computer owners financial records to determine how much he could get away with charging them for repairs.
Personally, I think that the current attitudes toward privacy on machines that have been brought in for repair are far too lax, and I'm not at all surprised that something like this has come up. In fact, I'm surprised that it's taken this long to start to hear about it.
I feel that there really needs to be a code of conduct for these types of businesses which states that personal files and information on a machine should be *absolutely* off limits, beyond the absolute minimum needed to actually fix the machine. (Which should be zero, 99% of the time.) This should include oversight of technicians to stop the currently winked at practices of copying off interesting files, and which would yank the business license of any shops that are caught doing this, even if there's no misuse made of the information.
[1] My own comment to them, that I was advising any friend who sent in their machine for repairs to entitle a folder, "My Girlfriend Nude" and fill it with octogenarian porn, was for some reason met with accusations that that I was in fact, "Evil Incarnate". Go figure.