
The data belonged to customers who applied for credit cards at the Royal Bank of Scotland (RBS) and bank.
The RBS gave the computer to archiving firm Graphic Data who then “inappropriately sold” on the computer to a third party, according to an RBS spokesperson.
A spokesperson said the firm is conducting an investigation into how the equipment was removed from one of Graphic Data’s secure locations.
Both companies expressed their “regret” in different statements but encryption vendors are asking why the data was not encrypted.
Chief executive of Frank Schlottke, said: “Instead of looking at specific technologies such as laptop or USB encryption, the focus should be on encrypting files and folders at source.”
Michael Callahan, 's senior vice president and chief marketing officer, added: "Dealing with third-party firms is a routine business transaction, but you cannot always rely on a third party to have as stringent security systems in place as your own.”
The loss comes as new research by finds the top challenge facing companies is data leakage prevention. From the 99 information security experts surveyed, 69 per cent rated this as their top issue.