Yikes! It should not require the service provider to block PII, but at least someone plugged the leak.