Personal data of a million bank customers found on computer sold on eBay for £35

August 26, 2008

By Dan Newling

http://www.mailonsunday.co.uk/news/article-1049121/Personal-data-million-bank-customers-sold-eBay-35.html



Personal details of more than a million bank customers have been found on a computer sold on eBay.

Highly sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive.

It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.

It was described as 'a data thief's treasure chest', with everything a criminal needs to assume a customer's identity - and clear out their bank account.

The massive data loss - one of the worst ever in Britain - is a clear breach of the banks' obligation under the Data Protection Act to keep all personal information secure.

Coming just days after the Home Office admitted losing the details of 127,000 criminals, it is certain to fuel public concern about how Government and businesses look after our secrets.

Last night it was revealed that a second computer from the same site has gone missing, meaning yet more information could have been leaked.

IT security expert Adam Laurie said: 'This is appalling. This information is worth millions - a thief could easily use it to go on an enormous shopping spree.'

Liberal Democrat spokesman Tom Brake said: 'This is yet another example of a seemingly trusted organisation appearing to be sloppy with people's personal information.

'This kind of data is invaluable and needs to be treated as such. People are entitled to wonder why they are constantly being told about the importance of protecting personal information when large organisations don't seem to follow the same rules themselves.'

Both American Express and NatWest/RBS claimed they need to establish how many customers are affected before deciding how to act.

But it is likely that everyone whose details have been exposed will be forced to change their credit cards and bank accounts.

The companies involved could also be fined.

Last year the Financial Services Authority fined Nationwide £980,000 after it lost a laptop containing customer information.

The banking information was being held by the archiving firm Graphic Data, which copies paperwork from some of Britain's biggest financial organisations, then stores it digitally.

It was on a computer previously used at the company's archive in Shoeburyness, Essex.

A former employee sold it on eBay for just £35.88 earlier this month. Crucially, he did so without first erasing the internal hard drive.

It was only when buyer Andrew Chapman started looking at the hard disk that its astonishing contents came to light.

Mr Chapman, a 56-year-old IT manager from Oxford, said: 'I couldn't believe it. In front of me was reams of extremely confidential information about thousands and thousands of people.'

Some of the data first belonged to NatWest and includes thousands of applications for credit cards.

They have the applicant's name, address, date of birth, email address, bank account number, sort code, mothers' maiden name, card number and signature.

There are also 1,314 credit card balance transfer requests received by American Express.

Each contains the customer's name, address and signature and the numbers of the cards. Information from RBS included yet more card applications and credit checks.

The Information Commissioner's Office said it would investigate urgently.

Graphic Data said: 'Certain pieces of IT equipment have been removed from a secure area. We are seeking to recover this equipment, which apparently contained customer data.

'We take customer privacy and data security very seriously.'

A spokesman for NatWest/RBS said: 'RBS and NatWest take data protection extremely seriously and have very strict procedures to ensure the security of information at all times.

'Any breach of these procedures is totally unacceptable and is investigated as a matter of urgency.'

American Express said it was 'looking into it'.

The scandal is the latest in a series of high-profile data security breaches.

Just last week the Home Office admitted one of its contractors had lost a computer memory stick holding the details of 127,000 criminals.

The blunders have increased public distrust of the authorities' ability to keep their personal information secret - and increased opposition to the proposed national identity card scheme.

Case study

As someone with a limit of more than £20,000 on his credit card, Christopher Tomlins was shocked to learn that NatWest has lost the information that could give anyone access to his account.

When told about the breach by the Daily Mail, Mr Tomlins, 32, said: 'It is like they have given my house keys to a stranger and then said, "Help yourself".'

Mr Tomlins's personal information is revealed in a photograph of an application for a NatWest 'black' credit card he made on April 14, 2005.

The completed application form contains his name, address, date of birth, mobile phone number and home phone number.

It also reveals his mother's maiden name, signature, annual income, bank account number, bank sort code and the 16-digit number of the credit card he was granted.

Yesterday Mr Tomlins, who runs his own lighting company in Ealing, West London, said: 'I am amazed that NatWest have let this information get out. If the company looking after the information was getting rid of the computer, they should have destroyed the hard drive.'

Mr Tomlins's details were contained on one of 227 photographs of separate credit card application forms found on just one of 32 computer files containing NatWest card information.

