The Ministry of Defence has admitted losing the details of 600,000 people after the theft of a laptop from a Royal Navy officer in Birmingham last week.
The laptop contained the personal data of 600,000 people who have joined, or expressed an interest in joining, the Royal Navy, the Royal Marines, and the Royal Air Force, the Ministry of Defence (MoD) said in a statement on Friday. The laptop was lost on the night of 9 January.
The MoD also lost the bank details of approximately 3,500 of those people, it admitted in the statement.
"We are writing to some 3,500 people whose bank details were included on the database. Action has already been taken with the assistance of Apacs [the Association for Payment Clearing Services] to inform the relevant banks so that the relevant accounts can be flagged for scrutiny against unauthorised access," read the statement.
"Extensive personal details" of the 600,000 people, including passport details, national insurance numbers, driver's licence details, family details, doctors' addresses and NHS numbers, may also have been lost.
The MoD claimed to be treating the data loss with the "utmost seriousness", despite having failed to make a statement until Friday — nine days after the laptop was stolen. That statement followed "media reports" on Friday, and the MoD said it had not made the statement earlier following "consultation with West Midlands Police".
The secretary of state for defence, Des Browne, is due to make a statement to Parliament at 4.30pm on Monday.
The MoD has set up a helpline, details of which were contained in the MoD statement, for those who think they may have been affected by the theft.
Encryption company PGP Corporation said on Monday that this latest data loss, so soon after the HMRC debacle — which saw 25 million people's personal details compromised — shows that some elements of the public sector are still complacent about protecting citizens' data.
"With HMRC still fresh in the mind of both the public and the government, you have to question how such a catastrophe could be allowed to happen again," said Jamie Cowper, European director of marketing for PGP Corporation. "Though the government has been keen to demonstrate the need to address this growing problem, it is clear that a culture of complacency still exists within the public sector when it comes to defending our data."