Successful attacks against all kinds of organizations happen all the time. You don’t often hear about them because companies aren’t exactly proud to share that they have been successfully victimized. In some cases, companies are required by law, regulation, or contract to disclose breaches, but disclosure often doesn’t occur unless it is unavoidable.
In addition to having a comprehensive stack of technical security controls, companies must now start controlling how much information they give away to their adversaries on the public internet. Knowing all about the “cast of characters” at an organization makes an attacker’s job MUCH easier. While we regret the demise of the humanizing element of the traditional “About Us” page, the cost of giving that information away to appear friendly and down-to-earth is simply too high.