Sensitive data found in non-production environment

Description

Datastores in non-production environments should not hold sensitive data

Rationale

Non-production environments tend to have more relaxed security constraints and broader access for engineering teams. Sensitive data from production should be anonymized or tokenized before using for dev/test purposes.

Remediation

Delete the data or carefully the security policies around use of that data similar to how it is handled in production environments.