A U.S. online gift card retailer, MyGiftCardSupply, inadvertently left a server publicly accessible, exposing hundreds of thousands of customer identity documents like passports and driver's licenses. This breach, discovered by security researcher JayeLTee, resulted from the server lacking a password. While MyGiftCardSupply has now secured the server and plans to delete verified documents promptly in the future, they have not disclosed how long the data was exposed nor committed to notifying affected customers. This incident echoes ongoing challenges in safeguarding sensitive documents collected under "know your customer" regulations.