The personal details of around one million bank customers has been found on a computer bought on eBay for £35 (AUD$75).
Information of American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive, the Daily Mail reports. Details included names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.
According to the Web site of the Mail on Sunday, the computer was bought by IT manager Andrew Chapman of Oxford who discovered the data when checking the hard-drive.
The Daily Mail reported that an ex-worker for archiving firm Graphic Data sold it for £35 on eBay without removing sensitive information from the hard drive. Calls to Graphic Data were not returned at time of writing.
Both American Express and NatWest/RBS were unable to comment at time of writing.
The news follows the U.K. Home Office admission that one of its contractors had lost a computer memory stick holding the details of 127,000 criminals.
Nick Lowe, CheckPoint's regional director for Northern Europe said: "It seems that some organisations are still saying 'it can't happen here'. This latest incident involving data on American Express, Natwest and Royal Bank of Scotland customers shows that it can happen, all too easily."
"Securing any kind of sensitive data has to be automated, so that employees or other users cannot alter or stop the security processes. Organisations have to protect their data, themselves and their employees against the risks of possible data leaks, and automation is the only way to do that."