Similar situation here in Brazil. People use these IDs as passwords. When system administrators set up accounts for users, there's a good chance the default password will be the user's ID and that it will never be changed. Every school I've ever attended did this for school portals, wifi logins. It's insane. There used to be a website where I could look up anybody's ID number by name, that's how public these things were. With this ID number, I could perpetrate all sorts of electronic crimes under the cover of somebody else's identity. I could dox anyone by consulting services such as credit score databases.
