when i briefly consulted for a security firm working for banks, i learned that most banks takes daily hits as high as 100,000 and they don't even get reported to the police as to not generate any public record. most get reported to the insurer, which also avoid reporting it in most cases. i confess i never got the whole picture. but most issues I've been involved with was to try to track down the internal people, if any, and the exact means used. and this only over for criminal reports if we did find something conclusive and it was overseas. if it was local it was usually dealt with lawyers and such out of the records.
edit: forgot to mention it wasn't the us. but the banks were american.
edit: forgot to mention it wasn't the us. but the banks were american.