The Information Commissioner launched an investigation yesterday after it was revealed that thousands of Britons' bank details are available for sale on the internet.
The Times newspaper said it had found more than 100 websites offering to sell UK bank details, including account numbers, PINs and security codes, and had been able to download banking information for 32 individuals, including a High Court Judge, for free.
One fraudster was offering to sell 30,000 British credit card numbers for 1 each, the newspaper reported.
A spokesman for Richard Thomas, the Information Commissioner, said the data on offer appeared to be for accounts that were currently active.
"From what I have seen the information would be enough for someone to go online and spend money, but at this stage there is no way of knowing which cards are on there," he said.
"Clearly it's a matter of concern if people's personal banking details, which should remain private, are on a public website.
"What we are going to do is look at the evidence the Times has given us and how people's numbers appeared on these websites."
He said the investigation would intially focus on what security breach, if any, had taken place to allow the information to get into the public domain.
If the data was acquired fraudulently, or by theft, the matter would be passed to the police as a criminal inquiry.
Mr Thomas will address a House of Commons committee on Tuesday to ask to be given extra powers to tackle data protection breaches.
Currently, if a company is found to have broken the Data Protection Act, the Information Commissioner will issue an enforcement notice in the first instance, requiring it to comply with the Act.
If this notice is breached, the commissioner can then prosecute the organisation involved.
One concern with today's revelations is that the websites involved may be based overseas, which would put them beyond the Information Commissioner's remit.
James Jones, a consumer education manager with credit reference agency Experian, said the discovery was a "huge concern".
"The authorities need to act immediately to close these sites down," he said.
"This information is very very valuable to criminals - it will not only allow fraudsters to access the individuals' accounts, but also there is probably enough information for them to create new accounts."
Mr Jones said it was vital for bank customers to monitor their accounts and credit reports.
"People shouldn't panic, because unless you have been careless with your details you won't be liable financially, but customers need to keep a very close eye on bank accounts and credit reports to make sure people aren't trying to apply for new cards in their name."
Today's discovery comes as public concern about data protection is growing: HM Revenue and Customs has yet to find the two lost CDs containing the entire child benefit database of 25 million people, which disappeared a fortnight ago.
And the News of the World reported that two CDs containing National Insurance details for 18,000 individuals had been found at the home of a former contractor to the Department for Work and Pensions who had forgotten to return them.Reuse content