The cybersecurity community has long lived by a simple principle: Don’t collect more data than you can protect. But ID laws and other legal mandates now force many organizations to store massive amounts of sensitive data, putting them in the precarious situation of dealing with information they don’t necessarily want but have to safeguard.
The recent data breach involving Discord illustrates this challenge. In early October 2025, the messaging and gaming platform disclosed that cyberattackers had compromised one of its third-party customer service providers, accessing personal information from users who had contacted Discord’s Customer Support or Trust and Safety teams.
While the breach included typical support ticket data, including names, email addresses, IP addresses, limited billing information and customer service messages, one category of stolen data stood out: government-issued identification documents.
According to Discord’s official statement, the cyberattacker gained access to government ID images from users who used Discord’s partner to appeal expulsions for being underaged.
The ID law dilemma
Discord didn’t collect these government IDs on a whim. Age verification laws are proliferating worldwide. These laws typically mandate age verification through government-issued documents, such as driver’s licenses, passports or national ID cards.
Failure to verify IDs can result in millions of dollars in fines. The intention is sensible: protecting minors from inappropriate online content. But for the organizations that have to collect ID data, the laws can lead to a security nightmare.
Organizations now have to collect and store volumes of the most sensitive personally identifiable information possible regardless of whether they have the infrastructure to adequately protect it — or even want to collect it. The old rule of minimal data collection becomes irrelevant when the law requires maximum data collection.
The cascading impact
Any organization that interacts with the public, including health care providers, financial services firms, educational institutions or e-commerce sites, could find itself subject to age verification, identity verification or other regulatory requirements that mandate collecting and storing sensitive documents.
Each new database of government IDs becomes a potential breach waiting to happen. When that breach occurs, the damage extends beyond immediate victims.
Organizations and their partners can face regulatory penalties, litigation, reputation damage and loss of customer trust.
For small and medium-sized businesses, a single significant breach involving personally identifiable information (PII) can be devastating.
Acronis Cyber Protect Cloud integrates data protection, cybersecurity, and endpoint management.
Easily scale cyber protection services from a single platform – while efficiently running your MSP business.
Free 30-day Trial
The MSP challenge
Managed service providers (MSPs) get dragged by their clients into this challenge. By definition, MSPs handle sensitive data for multiple clients across various industries, each with its own regulatory requirements and risk profile.
A breach affecting an MSP doesn’t just compromise one organization’s data. It potentially impacts dozens or hundreds of client organizations simultaneously.
The traditional MSP technology stack compounds this vulnerability. Many MSPs cobble together multiple point solutions: separate tools for backup, endpoint protection, vulnerability management, patch management and security operations.
Each additional tool represents another potential attack vector, another integration to secure, another credential to protect and another vendor relationship to manage.
This complexity creates gaps. Data might be encrypted in transit by one tool but not at rest by another. Security policies might not sync consistently across platforms.
Blind spots in monitoring emerge when systems don’t communicate effectively, and in an environment where MSPs must protect massive volumes of client data, including the government IDs, financial records and health information now required by various regulations, those emerging gaps are untenable and dangerous.
Simplification through integration
The solution lies not in adding more security tools but in consolidating them. MSPs need to simplify operations through natively integrated security platforms that unite cybersecurity, data protection and endpoint management within a single solution and with a single point of control.
A truly integrated platform eliminates the security gaps inherent in multivendor environments.
When backup, endpoint protection, disaster recovery and security monitoring operate through a single agent with one management console, there are no handoff points where data might be exposed and no integration vulnerabilities to exploit, and there is no confusion about which tool protects what.
Native integration delivers practical benefits beyond security. MSPs can reduce the administrative burden of managing multiple vendor relationships, licenses and support contracts.
Centralized monitoring provides complete visibility across all clients from a single pane of glass. Automated workflows reduce human error that often creates security vulnerabilities.
Most importantly, integration dramatically reduces the attack surface. Every additional platform, agent or management console represents another potential entry point for attackers.
By adopting natively integrated solutions in a single integrated platform, MSPs can focus on boosting client security rather than managing multiple solutions.
A new security imperative
The old rule — don’t collect more data than you can protect — can’t always apply in today’s regulatory environment. The Discord partner breach serves as a warning about the ramifications of ID laws for data protection.
MSPs need every advantage they can get, including native integration in the platforms they use, to secure the continuing swell of client data.
About TRU
The Acronis Threat Research Unit (TRU) is a team of cybersecurity experts specializing in threat intelligence, AI and risk management. The TRU team researches emerging threats, provides security insights and supports IT teams with guidelines, incident response and educational workshops.
See the latest TRU research
Sponsored and written by Acronis.