Companies really need to re-evaluate what they ask as security questions.

If I know your name and your approximate date of birth (to the month) then, here in the UK at least, I have a very good chance of being able to find out your parents names, your mother's maiden name, your address, your parents address (i.e. probably where you grew up and what school you went to), your parents ages, when they got married, etc. - and all from publicly available info, not illegal crap you find on Tor or social media stalking.

This isn't hard to find if you know where to look - the problem is that people think that it's all private, and behave as such - and companies encourage it. The typical "internet safety courses" don't even touch on it, and even more tech savvy people I know often don't have a clue this is possible.