Here is an example of how this stolen information might be used by criminals. I happened to run across a good example of this in the News-Press (Southwest Florida):
Six people suspected of using stolen credit cards to purchase an estimated $8 million in WAL-MART and Sam’s Club gift cards were arrested in by Gainesville Police in a four-month ongoing investigation, according to a report released Monday by the Florida Department of Law Enforcement.The bogus credit-cards were being used to purchase high-end electronic merchandise and gift cards.
News-Press story, here.
*Update (3/23/07): An article from InfoWorld is stating that the data used in this scheme is part of the TJX data breach. InfoWorld story, here. It still isn't clear how the culprits obtained the information, or how they, had the information made into counterfeit instruments.
Symantec's report covers all the different methods information is being stolen. One of the more common methods is referred to as phishing. This normally happens when a person clicks on a link from a spam e-mail sending them to a fake site (requesting personal information).
Note that sometimes the fake sites only ask for your personal and financial details (referred to as social-engineering), but more and more, computers are infected with malware when someone is tricked into clicking on a link they shouldn't have.
Malware records people's personal details (automatically) and sends them back to the scammers.
Symantec's press release on their report, here.
If you are wondering why the retail crooks were buying gift cards. Here is a previous post, I did on that subject:
Why Buying Gift Cards on Auction Sites isn't a Good Idea