A small bank in Wyoming made a double-oops last month. They sent some sensitive information to the wrong Gmail address, but also included a document that shouldn’t have been sent at all. They didn’t want their customers to learn of the breach, so they’ve sued Google. Huh?
A customer of the Rocky Mountain Bank asked to have some loan documents sent to one of their representatives. The bank sent the documents to someone with a similar e-mail address, and also included an attachment that held informtion on 1,325 other customers — names, tax ids, social security numbers, etc. Amusingly, the bank employee then “tried to recall the e-mail without success”. Yeah, I don’t think so. You can read details about the breach here (PDF).
So far, Google is holding strong. They say they won’t comply with a court order, even after which their policy is to notify an account holder and give the person a chance to object to the disclosure of their identity.
This is really so simply it’s stupid — if you want to keep a low profile, don’t sue Google.