• Because so many breaches stay undetected for years (or forever?) it is not hard to imagine how this data could be used for 'social hacks' or impersonation. Knowing a lot of personal information about staff members makes it quite easy to gain access to corporate data, since I know more than a few staff members that ask there employees to collect and send them data instead of accessing this data themselves, so these employees are quite used to these requests. Using this employee data a breach may look like an inside job, and it would be very hard to prove otherwise. Though quite modest in numbers, employee data could be even far more valuable to hackers than customer data, not only for access to customer information but also for access to plants, installations and other high risk targets, not to mention business espionage. Just my two cents ...