They shouldn't be emailing around "highly confidential brokerage account information" in the first place. It should be locked down in some internal system. Poor practice from GS that caused it all in the first place.
Having worked at a similar iBank, I can assure you most people don't give a rat's ass about proper procedures until they're caught. Why it was even possible to send an email to an external address with such an unencrypted attachment is a bigger question. I hope the lucky recipient finds a high bidder for said information.
This is 100% true, but does that mean that they should experience a data breach as a means of teaching them a lesson? Seems like that could create a lot of collateral damage among the affected account holders.