I signed up for a VPS at Hetzner Online to use as a secondary name server for my hosting. I provided them with valid personal information for signup, and opted to pay using PayPal. I received the following email from them:
Dear Mr. Kieser,
thank you very much for your order!
Since you're a new customer with Hetzner, we ask you for a scan of your passport or ID card (authenticity check).
It's only necessary for your first order with us.
Please send the scan by fax or as an email attachment.
We are going to save the document submitted for a period of 3 weeks.
Hetzner Online AG
Considering that their services have been compromised, and their users data has been copied – would you provide a copy of your passport to them? I certainly would not. I responded asking them to either cancel my order, or accept my S/MIME signature – which has been verified by a certificate authority as me being me.