River City Bank had some explaining to do to customers. As described in their notification, a copy of which was submitted to the California Attorney General’s Office, the bank discovered a problem on September 29. An employee downloaded customer data to a personal storage drive and later sent it to a third party. The download was not part of their authorized access or duties.
The employee’s access was promptly blocked, an investigation began, and law enforcement was involved.
The notification does not indicate who or what the third party was, and what they suspect the data were to be used for — only that the bank had no evidence (currently?) that there had been any misuse of data.
You can read the full notification here.