Back in 2005 I started a new job with a large UK based gambling company.
I think it might have been my 2nd week with the company and I got pulled into a meeting with The CIO. I was unsure if i'd done something wrong
Apparently a project manager had let themselves into the server room, plugged a USB drive into a server and taken overnight backups so that our 3rd party vendors could diagnose a fault.
obviously the files were encrypted, but the PM had written the password on a postit note and put it in the parcel and sent it first class unregistered post.
the details on the files were photocopies of driving licences, bank details, addresses and photos from the casino.. including many high profile celebrities.
needless to say, the disk got lost in the post. - it's not always malicious, but often incompetence that can cause a data breach