I’ve been wondering about this a little, if the exposure is greater than just increased spam and phishing risk (due to PII info being breached).
If they’ve got hashed credit card details and the last 4 digits, could they fire guesses at the hashes (just like l0phtcrack for CCs instead of windows SAM databases)?
How much risk is there to people’s personal funds via their credit cards?
Thanks, that brings done useful context here