The enterprise mistakenly sent the personal information of a handful of borrowers to one of its third-party providers. Normally, these files are anonymized.