If you aren’t following Troy Hunt (and you care at all about information security — which you should) you should be.
A recent post of his went into detail on a poorly-secured server which left thousands of Indian citizens’ health care data exposed to the world.
I posted not too long ago about our expectations of privacy. This is exactly the sort of situation where nobody was hacked or infiltrated, but sensitive information was out there for the taking for months before anybody noticed. This got a lot of attention (once it got into the right hands) because it was medical data — if these had been chat logs, it would probably all still be available for download.