While it's true that many security exploits and intrusions are the result of trojans and viruses, social engineering plays a big part in the exposure of data. Hackers can pose as employees of a target company and talk their way into getting login information from a naive employee. After that, the doors are wide open.
It's really time for a major change in the way our personal, private data is handled. How many times do we have to read in the news that a worker for the Social Security Administration or the Internal Revenue Service lost a laptop containing the private data for millions of people? Or credit card companies? Or companies that don't bother to shred printouts of critical customer data and just toss them into a dumpster behind the corporate office?
This needs to stop. We need to take back our data from companies that are unwilling and unable to protect it. Most of these companies do not need to store our personal information. In fact, all they need to certify is that we've paid for their services. They don't need to have our credit cards on record. They don't even need our names, addresses, phone numbers, birth dates, Social Security numbers, etc.
All they need is an encrypted hash that resolves to a customer ID number. Let us, the people, hold our own data. The companies would then receive payments from our banks, attached to that encrypted ID number. Banks would not store this number, except perhaps on the monthly statement showing that the payment was made.
Start fighting back now. Demand that online stores stop hanging on to our credit card information. If a website asks you to store the information online for future use, DON'T DO IT. If an online store allows you to shop as a guest instead of signing up for another user account, do it. Every time you give companies your info, you make it easier for someone else to steal it and steal from you.