All providers are required to expose their internal systems to that unsecure data brokerage. And, all data must be in the same format and structure.
Hackers Paradise.
It'll be interesting if anyone comes clean on it.
Very likely. If true we will probably never find out about it.