And the reason Coinbase has to keep all that sensitive stuff, much more than what would be required to identify and authenticate you, which you hope will never be stolen, is because of know your customer laws, so you can thank your government that pictures of your passport got stolen and for whatever criminals and rogue Coinbase employees do with that info.
There are very good reasons for KYC, the problem here is not the government regulation, it's once again private companies being sloppy with their customer's data because sloppy is cheap and it's not their info on the line, it's yours, so there's little motivation for them to safeguard it _unless_ they're compelled to do it by law.
This is costing Coinbase $400M. They are well incentivized to prevent this.