I wrote a data integration between two internal, siloed tools at a major ISP. This let me build security alerting on social engineering attempts and successful compromises. These se campaigns were using information from other corporate and gov data breaches to access accounts that had not been setup with pins/passphrases, and going for quantity over quality for targets. Anyone was fair game to them and if they couldn't steal money then they'd resell the access and PII to even more unsavory types for identity theft. At the time, if a caller had the account holder's PII, they'd be able make limited changes to the account. Unfortunately, those 'limited' changes were things like forwarding phone or email service.
They did pool the data eventually and the alerts continue to be used today to identify compromise and lock email/phone to prevent them from being used for bank fraud. The reduction of financial fraud on normal people was significant. My work kicked off a ton of other initiatives to prevent other avenues of compromise as well. I went from working customer compromise investigations in the scale of thousands a year to a few hundred after implementation. Having clear data of malicious access that couldn't be ignored prompted those initiatives to be seriously funded and maintained. Moving from reactive to proactive on these was very satisfying.
