Thanks to JPMorgan Chase, a Colorado woman's personal information wound up in a stranger's mailbox halfway across the country.

The bank sent the entire mortgage payment history of customer Penny Dougherty, including her loan number, full name, address and phone number to another customer in Massachusetts, according to CBS Denver 4. Luckily, the Massachusetts man who wound up with the documents was kind enough to contact Dougherty (h/t the Consumerist).

Becoming a victim of identity theft is easy enough without having bank documents delivered to a stranger. Earlier this year, the Federal Trade Commission reported that identity fraud was the primary source of consumer dissatisfaction over the last five years, generating 1.8 million complaints in 2011 alone.

If Dougherty's personal information had landed in the hands of an identity thief, debts could have been run up in her name, false government documents and counterfeit checks created. Like many identity theft victims, she may have lost lots of money before noticing the breach, especially if a potential scammer had intercepted her mail and sent it to another location.

Identity theft can also be a hard crime to prove. Last year, JPMorgan Chase tried to evict an identity theft victim from his house after the bank serviced a faulty mortgage. The builder from whom the victim bought the place allegedly stole his identity and took out a $376,703 home loan in his name.

In recent years, cyber-security threats have made personal data even more vulnerable. In April, about 1.5 million credit card numbers were exposed after hackers breached the online system of a major payment processing company. Then last year, Citigroup had to reimburse $2.7 million to customers who lost money after a cyberattack on 360,000 user accounts.