What has to be the biggest black eye for the US banking industry in recent times had nothing to do with phishing attempts, it didn’t have anything to do with intercepting and brute forcing SSL packets, and it didn’t have to do with any root keys escaping into the wild.
What it does have to do with is a shady person talking high level bank employees into stealing the details of the banks customers and to go on and hassle people based on false collection claims, not to mention potential identity theft attacks as well.