The personal data that prompted more than three million queries on the fraudulent website included names, dates of birth, Social security numbers, bank account numbers and bank routing numbers. And this is just a single operation. If this isn’t telling us how dangerous it is to rely on personally identifiable information (PII) to authenticate customers