The bank is certainly at fault and the cause of the mess, but Google and the errant recipient also share some degree of responsibility or even liability. If the receipient disregarded the message and did nothing with the data, he is off the hook. On the other hand if he chooses to exploit the data, then he is guilty of fraud and perhaps other crimes. This would be no different than the post office delivering a person a check by mistake, then the recipient cashing it.
Likewise, Google must bear some responsibility as well. If they were notified of the mistake and had the opportunity to prevent further exploitation but refused, they would have to share some liability as well since the problem was exasperated by Google's inaction. If fraud was proven, Google could at least be sued (probably unsuccessfully) civally. If it is proven that the recipient used the mistakenly sent data fraudulantly and Google had sufficient notification and opportunity to have prevented it, they could possibly be considered an accessory.
Keep Up with TechRepublic