Hacker News

So your argument is that any random person is in a position to evaluate whether someone else's "data shouldn't exist" and take unilateral action to delete it? And are you suggesting that in this particular case the person launching this attack is taking time to evaluate the nature of the data before taking action?

> I'll just assume that all the "victims" who don't want to go into too much detail about the "lost" data were playing fast and loose with their customers' private information.

Why the scare quotes? It takes some serious amount of chutzpah to advocate that it is a reasonable assumption to assume the data wasn't important and to use the lack of public complaint as evidence that the data wasn't really important. Why do you even think it was "customer" data?




I didn't just invent this idea that businesses are careless with data their customers would prefer to be kept private. Basically every breach we ever hear about features this prominently. Somehow we've created an economy in which there exists a vast asymmetry between corporations who pad their books a few percentage points by abusing their position and the humans who suffer such abuses. The fact that the publicity of small bits of data about a human can cause that human massive harms is itself a contingent creation of our screwed-up system, which benefits the giant companies whose lobbyists write the laws. It's as if someone decided we should all live under the "protect your True Name at all costs" system from the Earthsea novels, without giving any of us any way to do that.

There's very little a customer can do to determine how or even whether her confidential data is protected. Even if she had this knowledge, in many cases she can't just decide to do business elsewhere. In many cases she was never a customer in the first place! In this context, an open database is like a shoddily constructed tall building that will collapse at the first stiff breeze. It shouldn't exist, and anyone who destroys it upon discovering it is doing humanity a service. Even if the building's owners had somehow kept the general public out (which you'd like us to assume), those owners themselves increased their danger with every bit of data added. Now, since the building has been destroyed, its owners and occupants are no longer in steadily increasing danger.


You seem entirely focused on PII concerns and arguing as if the only organizations affected by this incident are "giant companies". That doesn't seem to be the case. I haven't seen any suggestion that this incident is focused on that type of data.

As much as I agree with all the concerns posted here about how data should be protected better, I don't think it is necessary to excuse and legitimize the unauthorized access along the way.


Wealthy interests built the system, but they're not the only abusive actors within it. It would not surprise if smaller firms completely failed to protect the data of other parties more often than larger firms did so. The best way for database operators to prevent unauthorized access and deletion is to secure their databases in some way. The best way for anyone else to prevent abusive access is to delete unsecured databases. Working together, this problem will be solved eventually.



