A Wyoming bank sent an e-mail containing sensitive customer data to the wrong Gmail account, and now wants Google to reveal the identity of the account holder who received the data.

According to a court document in the case, in August a customer of the Rocky Mountain Bank asked a bank employee to send certain loan statements to a representative of the customer. The employee, however, inadvertently sent the e-mail to the wrong Gmail address. Additionally, the employee had attached a sensitive file to the e-mail that should not have been sent at all.

The attachment contained confidential information on 1,325 individual and business customers that included their names, addresses, tax identification or Social Security numbers and loan information.

After realizing what he'd done, the employee "tried to recall the e-mail without success."

When that didn't work, the employee sent a second e-mail to the recipient instructing the person to delete the e-mail and attachment "in its entirety" without opening or reviewing it. The employee also asked the recipient to contact the employee to "discuss his or her actions."

Silence ensued.

That's when the bank sued Google to identify the recalcitrant recipient.

Google said it wouldn't comply without a court order, and even if it does receive a court order, its policy is to notify an account holder and give the person a chance to object to the disclosure of his or her identity. The court is considering the bank's request.

In the meantime, Rocky Mountain Bank filed a motion last week to seal the entire case until the court decides whether to force Google to reveal the recipient's name, saying it didn't want its customers to learn about the breach, because it would create panic and result in a surge of inquiries from customers.

It wants the information under seal until it can determine from Google whether the Gmail account in question is active or dormant, and whether the sensitive customer information is actually at risk of being abused.

A federal judge in San Jose, California denied the bank's request to seal on Friday.

"An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public's common law right of access to court filings," wrote Judge Ronald Whyte in his ruling, noting that the bank doesn't have to wait to advise customers that an unauthorized disclosure of information occurred.

The initial complaint filed against Google is currently under seal because the judge has asked the bank to redact the Gmail account from its filings. But the judge's response to the request for a seal is not itself sealed and it's within this document that details about the breach are revealed (.pdf).

(Hat tip: Information Week)