Greetings Fellows.
I just subject a poll about this doubt, because a friend told me,that the national id of a developer it must not be a business leakage.So what about if you find these numbers in a test then it should not be a leakage
thanks for your help
National id is indeed business leakage, because is a person semi-private information. The leakage of this id entails enumeration of existent persons (you can view it as a form of user enumeration) that can be used in many apps that requires this id as credential field.
Concerning the test environment, the justification of been a test does not prevent information leakage. If this test environment is never going to be published then client should not have requested revision on it, but if so, this environment would be ignored for any vulnerability.