I don't know how the social engineering happened, beyond what's mentioned in the article as a possibility (calling helpdesks). But there's a ton of corporate information that's widely available for exploitation.

LinkedIn, for example is a goldmine for social engineering, and there's no way to secure a profile from being viewed by logged-in users, even if they are unconnected.

I'm surprised more employers don't closely audit their employees profiles.