For any companies that handle customer data, especially PII or credit card information, even having the data access could be actionable and result in massive costs/fines.

This would be a major risk, IMHO.