Indeed, they're only slightly less stupid than considering SSNs to be secret and then using those. As others also suggest, I always make up the answers, different per counterparty - there's no way I fully trust places like my work to keep these details securely, so it's worth compartmentalizing the risk