
Hi, I want to tell you how one of the largest banks cares about protecting personal data and respects the law on bank secrecy.
So, straight to the point. There is a page on Privatbank's website where agents or employees of Privat can view the history of submitted applications. What do you need to log in? An employee or agent has to enter his mobile phone number, TIN, passport number, or ... an LDAP login, which every employee has. Now comes the most interesting part. Not so long ago (when Privat began to cooperate with Skype), all employees of the bank were given Skype accounts, and the LDAP login was assigned as the Skype login.
Now let's say I want to see the client history of a Privatbank employee. For that I need this login. It is built as follows: first the city code, for example dn for Dnepropetrovsk, then the date of birth, for example 010180, and then the initials of the full name, for example iii if the employee is Ivanov Ivan Ivanovich. Putting it all together, we get the login dn010180iii.
How do you find a real login? Run a Skype search. For example:

We enter the login on the history page and see the clients, as well as their contact details, such as phone numbers:

In a minute of searching, you can find a few more logins:
lv140782mvv
lv131085sma
lv141183raj
And of course the question is: why is this data in the public domain? After all, it is not yet known how this data can be used by intruders.
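
As an added illustration (not part of the original post and not Privatbank code), the Python sketch below audits a staff directory for logins that can be rebuilt entirely from personal attributes under the scheme described above, and bounds how much guessing the scheme could resist. The record fields, the directory entries and the figures of 25 city codes and 45 birth years are assumptions made for the example.

```python
import math
import re
from datetime import date, datetime

# Layout described in the post: 2-letter city code + DDMMYY + 3 initials.
LOGIN_RE = re.compile(r"^([a-z]{2})(\d{6})([a-z]{3})$")


def parse_login(login):
    """Return (city, ddmmyy, initials), or None if the login does not fit the scheme."""
    m = LOGIN_RE.match(login.lower())
    if not m:
        return None
    city, ddmmyy, initials = m.groups()
    try:
        datetime.strptime(ddmmyy, "%d%m%y")  # reject impossible dates such as 320180
    except ValueError:
        return None
    return city, ddmmyy, initials


def derivable_from_record(login, record):
    """True if every part of the login can be rebuilt from the HR record."""
    expected = (record["city_code"],
                record["born"].strftime("%d%m%y"),
                record["initials"])
    return parse_login(login) == expected


def guess_space_bits(cities, birth_years, alphabet=26):
    """Upper bound on the scheme's entropy in bits (all combinations equally likely)."""
    return math.log2(cities * birth_years * 366 * alphabet ** 3)


# Constructed sample directory (hypothetical field names); the first login is
# the example from the post, the second is a random identifier for contrast.
DIRECTORY = [
    {"login": "dn010180iii", "city_code": "dn", "born": date(1980, 1, 1), "initials": "iii"},
    {"login": "u7f3kq92xw", "city_code": "kv", "born": date(1975, 5, 9), "initials": "pop"},
]


def audit(directory):
    """List logins that leak city, date of birth and initials."""
    return [r["login"] for r in directory if derivable_from_record(r["login"], r)]


if __name__ == "__main__":
    print("PII-derived logins:", audit(DIRECTORY))
    # 25 city codes and 45 birth years are assumed figures, not data from the post.
    print("entropy upper bound: %.1f bits" % guess_space_bits(25, 45))
```

About 33 bits is only an upper bound: the identifier is not a secret, so a page that accepts it alone has no effective authentication.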