As is often the case with early-stage ransomware disclosures, the company appears to be reluctant to mention "ransomware" or even "attack" in its wording.
I will go first "Whatcha talkin bout Willis" !!!
Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a "cybersecurity incident" after data purportedly stolen from the biz was posted to the Black Basta ransomware group's leak blog. The form 8-K filed with the Securities and Exchange Commission (SEC) on February 9 revealed the NASDAQ-listed …
I still say that an employer does not need a scan of an employees passport. It needs to know
If they have one
What countries.
Expiry date
Any endorsements (like not allowed to come back here).
This would involve showing it to HR so they can look.
I think some countries have rules that nobody is allowed to copy or scan them. That, obviously, doesn't stop immigration functionaries doing just that but it should stop employers.
In the case of at least the UK, it's rules/regulations employers must follow to show "proof of residence" and/or "right to work" in the UK. However, I don't think the regulations actually state that copies must be kept, just that they must be seen and examined. But as is commonly the case, the company (and company lawyers) will be in arse covering mode so if/when they are audited, they can show they not only did the job properly, but went above and beyond. If there are any legal comebacks, they want to demonstrate that they saw the documents, not just show a checklist. And so it results in large troves of extremely valuable personal data being lifted when in reality, not only should they not be keeping that data, but even if they do, it should be locked down tighter than a fishes arse, not on a system that is, however incidently, public facing.