leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions