Bank-grade security

from here

Although it wasn't a bank, per se, that was fingered in this article, it was definitely a bank (or banks) that outsourced to the offending company. It's still the responsibility of the bank to keep that data safe and secure and clearly they didn't do that.