hmm
not a big issue?
So what can be done with
A first and last name,
A house address
A phone number and an email address...
times 3 million.
I'm pretty sure that that amount of information is more then enough to start an op of some sort.
Maybe first start with a mail shot including a survey of what banking service people use, have a list of banks and such like (have it as a customer satisfaction survey, what bank, how do you find their customer service etc etc etc)
Now assuming a meager 10% return you now have above details + bank service name.
ooook ay - now we could use the list to harvest some more information - favorate animal, colour, mothers maiden name, favorate numbers, so on so forth. Before you know it you've got 750 thousand reasonably good profiles for extensive phishing raids not including the 300 thousand or so you have actual banking knowledge of (do they use online banking, do they use mobile banking, yadda yadda yadda, do they use phone banking.)
Hey you could also do some phone phishing once you've harvested some of the above details - "Hi is that Mr xyz, I'm calling from "insert your bank name", inorder to confirm my legitimacy I shall give you some of your security details, your mothers maiden name is "xyz", your favorate colour is "xyz" and your home address is "blah blah." Could you in turn confirm your account number and the security code on the back of your card?" Out of 100,000 maybe you get 1,000 results from the phone phishing, maybe more. Plus pick up some passwords on various harvests, you should be well away.
Course you can also sell all the mail addresses to spam houses at the same time.
Jeez there are alot of ways you could capitalise that kind of data.
I think losing that kind of data is pretty darn damming.