A small bank in Wyoming made a double-oops last month.  They sent some sensitive information to the wrong Gmail address, but also included a document that shouldn’t have been sent at all.  They didn’t want their customers to learn of the breach, so they’ve sued Google.  Huh?

A customer of the Rocky Mountain Bank asked to have some loan documents sent to one of their representatives.  The bank sent the documents to someone with a similar e-mail address, and also included an attachment that held informtion on 1,325 other customers — names, tax ids, social security numbers, etc.  Amusingly, the bank employee then “tried to recall the e-mail without success”.  Yeah, I don’t think so.  You can read details about the breach here (PDF).

So far, Google is holding strong.  They say they won’t comply with a court order, even after which their policy is to notify an account holder and give the person a chance to object to the disclosure of their identity.

This is really so simply it’s stupid — if you want to keep a low profile, don’t sue Google.