Biggest risk I see right now is PLAID, which is ubiquitous in the KYC realm (virtually every bank and exchange uses it).

When (not if) that gets hacked it's going to be bad...