Wired has an article on the LexisNexis breach in which over 300,000 people’s personal information was accessed by hackers.
It seems a hacker posed as a 14 yr old girl and was chatting with a police officer from Florida. The hacker sent the cop a slideshow of nudie pics that were supposed to be her and it contained a virus that scanned the officer’s machine and found a username and password to a LexisNexis database used to support law enforcement. They stumbled on it by complete accident, but did not stop there.
They next convinced the company to reset the password of an admin account and began creating new users. These were spread around the internet and many people started accessing the information.
It wasn’t until a cop in CA inspecting a parole’s house noticed that the suspect had a report from the company. Recognizing these reports were for law enforcement only, he contacted the company in March. LexisNexis soon disclosed the breach which began in November.