A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified or generated synthetically, according to Tonic.ai.

The study found 45% of respondents said their companies have faced a major data breach within the past five years due in part to the use of data in insecure environments.