
KYC Biometrics Leak in International Service Company Remains Unresolved After Responsible Disclosure Attempt
Cybersecurity, Data Leaks, Vulnerabilities, Legal Risks, KYC, Biometrics, API Security, Responsible Disclosure, Privacy
A user discovered a KYC biometrics leak in an international company that intermediates services between providers and customers. The vulnerability allows access to providers' selfies via an API endpoint using their UUIDs, which are exposed in plain text through a feature in the company's app. The user reported the issue but received a response stating the company was aware and accepted the risk, despite evidence of ongoing data exposure. After 30 days of follow-ups with no resolution, the user seeks advice on next steps due to concerns about legal risks and continued user data theft.
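The access pattern described above, an endpoint that returns a selfie to whoever supplies the provider's UUID, is shown here next to a version that authorizes on the caller's identity instead. This is an added example, not code from the company or the reporter; the session ids, roles, function names and data are constructed, and it assumes only that the real endpoint does not check who is asking (the page does not say whether a login is required).

```python
import uuid

# Constructed sample data: provider UUID -> stored KYC selfie (bytes stand in for the image).
PROVIDER_A = str(uuid.uuid4())
PROVIDER_B = str(uuid.uuid4())
SELFIES = {PROVIDER_A: b"selfie-A", PROVIDER_B: b"selfie-B"}

# Constructed sessions: session id -> (role, subject UUID). Roles are hypothetical.
SESSIONS = {
    "sess-provider-a": ("provider", PROVIDER_A),
    "sess-customer": ("customer", str(uuid.uuid4())),
    "sess-kyc-reviewer": ("kyc_reviewer", None),
}

AUDIT_LOG = []  # (session id, requested UUID, allowed) for every authenticated lookup


def get_selfie_vulnerable(session_id, provider_uuid):
    """Pattern from the report: knowing the UUID is the only gate."""
    if provider_uuid in SELFIES:
        return 200, SELFIES[provider_uuid]
    return 404, b""


def get_selfie_hardened(session_id, provider_uuid):
    """The UUID is only a lookup key; the caller's identity decides access."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, b""
    role, subject = session
    # Only the provider themself or a KYC reviewer may read the biometric.
    allowed = role == "kyc_reviewer" or (role == "provider" and subject == provider_uuid)
    AUDIT_LOG.append((session_id, provider_uuid, allowed))
    if not allowed or provider_uuid not in SELFIES:
        # Same answer for "forbidden" and "unknown" so UUID validity is not revealed.
        return 404, b""
    return 200, SELFIES[provider_uuid]


def denied_lookups_by_session():
    """Detection aid: denied selfie lookups per session, to spot UUID harvesting."""
    counts = {}
    for session_id, _, allowed in AUDIT_LOG:
        if not allowed:
            counts[session_id] = counts.get(session_id, 0) + 1
    return counts
```

Because the app exposes provider UUIDs in plain text, they have to be treated as public identifiers, so the per-request ownership check is what protects the image, not the unguessability of the UUID.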