.. Recently there was a data breach from B&Q, a home improvement retailer in the UK, where 70,000 names were lost. These weren't customers, but rather people that had been caught stealing from the stores. ..
70,000 seems like a lot. It makes me wonder if this is an internal list of people who were actually caught stealing from this specific chain of stores, or maybe it was something like a black list of known shoplifters that is shared by the retail community or acquired from a 3rd party provider. I'm just theorizing here and maybe drifting off topic, but I can imagine a scenario where retailers have facial recognition functionality built into their security camera system, and then they subscribe to a mugshot database of known offenders. Why else would the store maintain a database of shoplifters?
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho