The unencrypted tapes were lost during transit in March

Why the hell were the tapes unencrypted?  Hopefully there will be consesquences (for the company, not its customers!).

Usually complaints from the Business, or BCP type groups claim that the Return to operations (RTO) takes longer with encryption. This is why the fine needs to be large enough to make it not just a cost of doing business, espeacially when placed next to expensive downtime. Otherwise the corp will take the self-interest option and not take the due care needed. Also its worth noting if they perceive the probability of being caught low they will also be more willing to see this as a long term cost of doing business. As individuals we see the moral side, but for the project manager or business they see the conflicting group interest of the group who pays them to deliver! (this is a stronger incentive) This is exactly why banks need institutional pressure to keep the wider interest of society in the picture.

As someone once said “Corps have neither bodies to be punished, nor souls to be condemned, they therefore do as they like” i.e. the bigger they get the less moral compass they have!

I love the way such announcements quick add, "there is no evidence that the data has been misused" as though anyone expects the bank to take too much efforts to collect evidence of misuse! Instead of such vague commitments, I hope regulators compel banks to instead gather evidence that the compromised data is not not being misused.