Re: Here we go again
> I suggest the sender wasn't doing anything they would have considered out-of-the-ordinary, ie. in the department they worked in it was normal everyday practice to email sensitive stuff
The sender thought they'd erased it. Even the security services have been guilty of this error: "redacting" data in a PDF, only to find that the original text is behind black rectangles which can easily be removed.
It's still very stupid to:
1. Take a "live" file and clean it out, for use as a template. Many document formats keep a changelog internally. Solution: publish the original templates somewhere.
2. Have valuable data in hidden fields in a spreadsheet, just so that some formula can look it up. Solution: write a proper application which talks to the database (and the user is authenticated)