We have a large environment with > 80 of our sister/subsidiary companies in it, and each of those have client/supplier accounts in the platform.

While the activity feed that shows on JIRA shows issues related to just their project access, it's showing profile image updates for all users, which allows data mining to happen to get names/emails of other companies/clients. Our security team has highlighted this as a high level information leakage issue in our latest SoX review and must be addressed.