Over the last 18 months an advanced attack against 2,500 companies and government agencies has been playing out. It is currently still underway. NetWitness has reported that PII, corporate documents, and payment details have been compromised using botnets, most frequently ZeuS malware.
I do not know if this is just coming out, or if other reports have been made previous to this.
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP