AS per the GDPR I see no possible solution for the “reasonable measure to verify the identity of a data subject” against an IPv4 IP and thus to reliably act on IPv4 related data subject access/deletion requests.
Also per the GDPR, providing data to the wrong person could “affect the rights and freedoms of others” in which case you shouldn’t provide the data.
I seriously don't get what's the huge deal about this. Of course it sucks but it's not THAT hard to implement.