As I have warned people for years, your data is only as safe as the security at the places  with the weakest security holding your data.  Many times we have seen private information stolen and publicly released, as in the case of stolen nude photos, used for extortion purposes or sold to others on the Dark Web.
Cybercriminals recently hacked into the Grozio Chirurgija cosmetic surgery clinic in Lithuania and release 25,000 private photographs including nude photographs along with other personal information of patients of the clinic from more than sixty countries around the world. The hackers, who call themselves the “Tsar Team” contacted the clinic itself and individuals whose data had been stolen demanding bitcoin ransoms.  The clinic has refused to pay a ransom.
In addition to doing the things we are constantly reminding people to do to protect themselves from data breaches, including, but not limited to the use of dual factor authentication, encryption and constantly updating security software, we should all be asking any company or entity that holds our personal information about what steps they are taking to protect that data and if their answers are not satisfactory, you should refrain from dealing with them.