It's kind of interesting, because hacking is a skill that could be used for criminal purposes or legitimate purposes, and so even though in the past I was hacking for the curiosity, and the thrill, to get a bite of the forbidden fruit of knowledge, I'm now working in the security field as a public speaker.
People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.
Think about it: if you were running a multi-million dollar company, and your database of customer information was stolen, would you want to tell your clients? No. Most companies did not until the laws required them to. It's in the best interest of organisations - when they're attacked and information is stolen - to tell nobody.