An article relating to this blog post on Finextra:
Financial institutions have lost battle to protect customer data - TowerGroup
US financial services firms have lost the battle to protect the personal information of customers and must now assume that all their clients' data has been, or will be, compromised, according to Tower...
Reaction to the article of TowerGroup
https://www.finextra.com/fullstory.asp?id=20137
Regarding the use of "traditional" account information (name, address, birthdate...) as an authentication factor, I guess we can say that, at least in the Finextra Community, we know that this type of data had been compromised long before being put on the spot by the successive data breaches.
Even before the series of data breaches, this type of "traditional" information was already easily available on the web via social networks and deep web search tools. There is always a trace somewhere, even if you never enter your info on a website.
Concerning the recommendation of using knowledge-based authentication and one-time passwords delivered via SMS, I could not agree more.
The type of information that needs to be used for the authentication has to be dynamic, and the process itself must include an out-of-band channel to be insensitive to the latest hacking techniques.