I remember some kid at a job fair in college handing out his resume on flash drives. I remember one of the booths saying “yeah, that’s not getting read.”
A smarter kid would then have it auto email their cyber dept with their resume and point out the vulnerability, and have their malware autoremove himself from the system before getting paid so he doesn't go to jail for it. And even then, it's illegal and a risky move just to try to get a job.
Also in real life, although more with "lost" USB sticks, than handing them out as part of a resume (although the effect would be the same).
If people encounter an unlabelled USB stick, they'll often try and plug it into to discern whose it was. So if you put some malware on it, you can infect a network that you might not normally be aware of.
Since their brand is on it, yeah. I would expect that if the company wants my business, they wouldn't put their name on shit quality products. Especially if it can lead to their would-be customers losing data. It kind of baffles me that they think this is a good way to impress me.