Barclays Bank has launched an urgent investigation after thousands of confidential customer files were apparently stolen and sold.
The Mail on Sunday claimed that an anonymous whistleblower had presented it with a "gold mine" of personal data on 2,000 Barclays customers, including their passport and national insurance numbers. A further 25,000 files were also available.
It is said to be worth millions for unscrupulous salesmen to use on the black market for investment scams.
The whistleblower said: "The data is a gold mine for traders because it is so incredibly detailed. It gets them inside the customer's head."
The customers in question are believed to be a diverse group including doctors, businessmen, scientists and a cleaner, who had originally contacted the bank seeking financial advice from Barclays Financial Planning in 2008, which was shut down three years later.
Barclays, which was fined £290 million in 2012 for its part in the Libor rigging scandal, said it had contacted regulators and was grateful to the Mail On Sunday for bringing the leak to the company's attention.
A Barclays spokesman said: ''We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data."
He said protecting customers' data remained a "top priority", adding: "This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator."
Financial commentator David Buick said the report was alarming: "It's the breach of trust... you as an individual actually knowing that your personal details about your life have been passed on to potentially an unscrupulous individual who will try and behave like a maverick and capitalise on your life.
"If this is proven it is absolutely disgraceful."
The Information Commissioner's Office said it would be working with the newspaper and police, who were seeking more details.
If true, the loss of data would be a breach of Barclays' obligation under the Data Protection Act to keep personal information secure. The bank could face a fine of up to £500,000.