I met someone who did as well. Explaining to her that she now needed to inform her credit card company about it, and also needed to make sure that he information wasn't used for anything malicious before the company could update it was an interesting experience.
