The public website of a financial services provider was attacked using SQL injection. Poor design of the site's technical configuration made it vulnerable to the attack. This resulted in the attackers sending a large number of "phishing" emails to staff. This caused a lot of disruption for about a day. After the attack, the company changed its website configuration and also trained staff on security risks.
You can download the full results of the 2013 Information Security Breaches Survey here.