An end user/ users with no roles is able to see the personal information of users who post on the activity formatter in the incident.
Steps to Reproduce
Impersonate a user with no roles.
Navigate to Incident > Open.
Open any incident and scroll down to the activity formatter.
Click the user profile of anyone who has posted comments on the formatter.
Note that the user is able to see the information.
Contact Customer Support for installation of a macro that will disable the display of all profile cards.
Related Problem: PRB733497