As Bruce Schneier said when linking to this, this is pretty low-tech, but it does highlight a scary misuse of data:
“Mr Fearn said the talent assistant told him they were confused because he had apparently emailed them to withdraw his application on Wednesday.
“They forwarded the email, which was sent from an account using my name.” “
So yes, this is a very low tech example, but an example nonetheless of something I’ve been keeping an eye out for. It’s not the data breach that ends up as being extremely dangerous to individuals, it’s how the data that is being accessed might be tampered with. If a leaky system can display the names of people applying for a job, we can certainly take those names and impersonate those people, creating not just an email account, but wholly fake social media profiles, websites, etc. all in the name of tarnishing the other candidates in front of a potential employer.
Imagine what an actual hacker could do with access to health, banking, criminal, or employment records?
How will we know enough to clean it up?