UK Information Commissioner Richard Thomas has called for an immediate investigation after The Times claimed that it had been able to download the information for 32 UK customers.
One individual was reportedly willing to sell up to 30,000 British credit card numbers for as little as £1 each.
An Information Commission spokesman said that the details on sale seemed to be for active accounts and could be enough for someone to spend money online.
Brian Spector, general manager at information security company Workshare, warned that the government had to act now.
"As major security breaches make their mark on the UK's consciousness, the true cost of a data breach is being revealed. Millions of people are at risk of fraud as their details are made available online for as little as £1," he said.
"We strongly believe that the government should introduce more stringent data breach laws and prosecute any organisation which takes such a laissez faire approach to protecting customer data."
Spector added that there is no excuse for major data breaches as the technology is available to enforce security policies to prevent leaks from occurring.
"But without punitive measures in place for breaches, organisations will sadly continue to adopt this 'it won't happen to me' attitude," he said.
This latest issue comes hot on the heels of the government's losing 25 million individuals' data, and misplacing two discs with the details of 15,000 Standard Life customers.
Bank details for sale on the web
By Matt Chapman on Dec 4, 2007 10:04AM