Sourced from Ars Technica
Many of you may have seen Catch Me If You Can. If not, go watch it. You'll gain a far greater appreciation for social engineering.
This article has a couple of great takeaways, but one I never realized: some data is hot and ephemeral, like credit cards. Those get changed quickly so in the event of a breach, they need to use used quickly. But what about other stuff like SSNs? Those actually age like a fine wine. The longer you hold onto them, the more valuable they get, since people cannot change them as readily. That means culprits in data breaches take a very different strategy when dealing with that sort of information as opposed to credit cards: They put it on ice and only start selling it years later. Big investment with big payoff.
It also reminds me of a shirt I saw years ago: "Social engineering: Because there is no patch for human stupidity."