That's so sad. It is also sill that someone in the I.T industry would make such a foolish mistake. Furthermore, the ironic thing is they encrypted their USB to "protect it" By using security and "protecting it" they shot themselves in the foot. No point trying to protect something that is under no threat. They should never have encrypted it and rather just kept it somewhere where it stays offline and safe.

The chances of this happening vs the chances of being hacked are way off.