And the more unique your situation, the more memorable you are. If I recall correctly, the shopper was taking a kid in for a haircut. There was signing in to be done and that needed to match up with the credit card. Apparently hers was the only kid haircut in the approximate time period.
But there has been a real breech that I know of when there was a Business Verification. The target did not appear for the appointment. They then called the cell phone number they had been given and the phone was turned off or some such. So they called the MSP, who gave the target the shoppers home telephone. (It may have been the other way around--target given home number by shopper and MSP handing out the cell. But in any case, the MSP gave out a phone number they had no right to give out.)
I feel comfortable that most MSPs do a decent job of securing our information. There are notable exceptions--such as when Datatron was closed and their computers were impounded by the Sherriff and sold at auction to satisfy unpaid rent, at least theoretically with our personal data on the drives. But I figure we need to function in life with a fair amount of identity threat from any place our data can be compromised--banks, credit reporting agencies, internet hacking, trusted agencies where some fool takes the data home on a laptop that is stolen, etc.