The UK's second largest bank Barclays has launched an investigation after the personal details of 27,000 customers were stolen and sold on the black market.
Initial findings suggest the files were linked to the bank's Financial Planning business, which closed in 2011.
"This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator," the bank said in a statement.
Confidential customer information appears to have been stolen and has ended up for sale on the black market, as first reported by the Mail on Sunday.
The data leak is a new blow for the British bank after a string of scandals for mis-selling payment protection insurance and manipulating benchmark interest rates, which have resulted in billions of pounds in fines and compensation payouts.
The bank could face new fines should it be found at fault over this data leak.
Britain's data privacy watchdog, the Information Commissioner's Office (ICO), can impose fines of up to £500,000 (A$914,417) for serious breaches of the country's data protection rules, while Britain's financial watchdog, The Financial Conduct Authority, has the power to impose unlimited fines.
The ICO said in a statement that it would be working with the newspaper and police to find out what has happened.
The leaked details reportedly date back to 2008 and include information such as names, address, medical records, insurance details and passport numbers of customers that had contacted Barclays Financial Planning seeking financial advice.
"Protecting our customers' data is a top priority and we take this issue extremely seriously," Barclays said in its statement.
"We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible."
Barclays has been trying to rebuild its reputation after becoming the first bank fined for its part in a global scam to manipulate Libor benchmark interest rates in 2012. The Libor scandal led to the resignation of chief executive Bob Diamond and chairman Marcus Agius.
The Financial Conduct Authority said in a statement it would work with Barclays to understand what steps consumers may need to take.
“Consumers rightly presume their data is safe with their bank, and this should serve to remind all firms how important it is they have the correct procedures in place to ensure data is secure and used appropriately. We will continue to investigate the issue with Barclays over the coming days.”