I haven't read of any documented cases involving a bank, but it wouldn't be highly publicized.
The thing is, it isn't hard to do, or so I am told. Think of the servers it goes through and where it may be subject to a back-up programs. It doesn't even have to sniffed out.
I also encourage people to password protect the attachments they use, especially Word and Excel. I demo'd this at the ABA Grad School and showed how a cracker program can easily open those with simple words or few characters.
I also showed an Excel attachment I have received a few times because the sender doesn't understand domain addresses. I sent them notices, but when they send me HMO reports on a bank with a similar address time and again, they became teaching samples.
I have received Putnam 401k information, names and SSANs to access credit reports, sales presentations, secutity sales requests. Lots of neat stuff.
Why would I get this you ask? I don't sniff this out, but anything sent to a nonexistant e-mail address to one of our domains comes to me as Webmaster. Mis-sent e-mail doesn't always bounce back.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell