I just can't imagine anyone exfiltrating the data on a corporate level at any scale without raising alarms. It's just not realistic, once it leaves the board it's pretty easy to see over a network.

Now specific targeted attacks is more believable, at that point though I'd think a one off MITM hardware swap would be more likely.