The problem is that different companies have different protocols on what information they use to identify users, etc, and hackers are getting smart enough to connect various partial information to get full information on a user.
Every single customer-facing company needs to have STANDARDIZED security/information protocols. This includes taking in same information, and only giving out the same information. This should solve this problem.
Even with standardized security protocols, you will still have issues with undertrained/underpaid customer support agents working to "help" one very smooth talking hacker using social engineer tactics.
Social engineering is always a problem, and I think first-level support should NEVER have the ability to see any information or have the ability to make changes to accounts. This should get escalated to second level support.
But regardless, a single account may get compromised, but at least you can't feed partial data from one social engineering attempt into another company, which is what apparently is happening more and more because of impedance mismatches with what everyone uses.
Every single customer-facing company needs to have STANDARDIZED security/information protocols. This includes taking in same information, and only giving out the same information. This should solve this problem.