That obviously isn't true. Some data shouldn't exist: CP. Some data can exist, but it's backed-up so well that deletion is never a problem. For example, I'm not going to forget my birth date any time soon! In fact, very little of the information that businesses have about me needs preservation. I remember it all, and if I decide the business still deserves it I can give it to them again.
It is of course possible that some of this data didn't need to be kept private, and therefore shouldn't have been deleted. Maybe some medical researchers had compiled the data they needed to formulate the ultimate cure to COVID-19? (I hope they had anonymized all the patient data!) Until those researchers come forward to lament humanity's loss, I'll just assume that all the "victims" who don't want to go into too much detail about the "lost" data were playing fast and loose with their customers' private information.
So your argument is that any random person is in a position to evaluate whether someone else's "data shouldn't exist" and take unilateral action to delete it? And are you suggesting that in this particular case the person launching this attack is taking time to evaluate the nature of the data before taking action?
> I'll just assume that all the "victims" who don't want to go into too much detail about the "lost" data were playing fast and loose with their customers' private information.
Why the scare quotes? It takes some serious amount of chutzpah to advocate that it is a reasonable assumption to assume the data wasn't important and to use the lack of public complaint as evidence that the data wasn't really important. Why do you even think it was "customer" data?
I didn't just invent this idea that businesses are careless with data their customers would prefer to be kept private. Basically every breach we ever hear about features this prominently. Somehow we've created an economy in which there exists a vast asymmetry between corporations who pad their books a few percentage points by abusing their position and the humans who suffer such abuses. The fact that the publicity of small bits of data about a human can cause that human massive harms is itself a contingent creation of our screwed-up system, which benefits the giant companies whose lobbyists write the laws. It's as if someone decided we should all live under the "protect your True Name at all costs" system from the Earthsea novels, without giving any of us any way to do that.
There's very little a customer can do to determine how or even whether her confidential data is protected. Even if she had this knowledge, in many cases she can't just decide to do business elsewhere. In many cases she was never a customer in the first place! In this context, an open database is like a shoddily constructed tall building that will collapse at the first stiff breeze. It shouldn't exist, and anyone who destroys it upon discovering it is doing humanity a service. Even if the building's owners had somehow kept the general public out (which you'd like us to assume), those owners themselves increased their danger with every bit of data added. Now, since the building has been destroyed, its owners and occupants are no longer in steadily increasing danger.
You seem entirely focused on PII concerns and arguing as if the only organizations affected by this incident are "giant companies". That doesn't seem to be the case. I haven't seen any suggestion that this incident is focused on that type of data.
As much as I agree with all the concerns posted here about how data should be protected better I don't think it is necessary to excuse and legitimize the unauthorized access along the way.
Wealthy interests built the system, but they're not the only abusive actors within it. It would not surprise if smaller firms completely failed to protect the data of other parties more often than larger firms did so. The best way for database operators to prevent unauthorized access and deletion is to secure their databases in some way. The best way for anyone else to prevent abusive access is to delete unsecured databases. Working together, this problem will be solved eventually.
I think I'm having a somewhat uncharacteristic relativist thought... I feel that the indiscriminate and nearly unregulated collection of any data any company feels like grabbing hold of _should_ be countered.
I feel like the wrongness of deleting unsecured data is a pittance compared to the crapload of other wrongs that have been visited upon us 'products' by failures of diligence or desire or consequence.
I would very much like to hear, if it turns out to be so, that the operators of 'meow' are selectively targeting more likely corporate data, especially with customer/user data, but in the end I'm still ok with the idea of burn it all and let the DB vendors and IT staff who let their asses hang out explain why security was so low on their priority lists.
And yes, I'll take some potential difficulties in my own life due to unexpected deletion complications in the process. I'm not asking anyone else to accept anything I'm not going to be okay with myself.
Or it's data that was gathered (in line of business, for example) and its destruction is anywhere from more secure to an inconvenience.
Or it's data that was aggregated beyond legitimate use (hey, FAANG) and by all means, tear it the hell up and throw it away.