The records of more than three million British learner drivers have gone missing from a “secure facility” in the US, an embarrassed Government admitted last night.

Labour’s dismal autumn hit another low as, minutes after ministers admitted that they still did not know the whereabouts of two discs holding sensitive information on 25 million people, they were forced to confess they had lost the details of all candidates for the driving theory test between 2004 and 2007.

Opposition politicians raised questions last night over whether the Government could safely go ahead with plans to place the records of 50 million health service patients on an electronic database, its “spy-in-the-sky” scheme to monitor every journey by 33 million vehicles, and national ID cards.

The latest security breach came as The Times has learnt that ministers are toughening sanctions against the wilful abuse of data — making it an offence punishable by a two-year prison sentence rather than a fine.

Q&A: how can I protect myself?

Advice for anyone who fears their personal data may be misused by fraudsters after Britain's worst ever security breach

• Government under pressure over taxman's giant blunder

Related Internet Links

• Online security: full coverage

BACKGROUND

• Police step in as other CDs have gone astray

• Moment’s blunder puts half the country at risk

• Data watchdog seeks dawn-raid powers

• New data law 'urgently needed'

Related Links

• Gordon Brown’s Winter of Disc Content

• Prison for those failing to safeguard records

• Information and Knowledge

The driving test records from September 2004 to April 2007 have gone missing from a facility in Iowa City, Iowa.

Names, addresses and phone numbers — but not financial data — were among the details on a computer hard disc that was found to have disappeared in May.

They were at the site of Pearson Driving Assessments, a private contractor to the Driving Standards Agency that designs the software for the theory test, administers the test, books people in for it, and then keeps their records. The company performed this task from Minnesota, then sent the disc containing all the records by secure courier to its facility in Iowa.

It was booked as having arrived but when staff looked for it in May they could not find it and alerted the agency.

Government officials insisted last night that the breach was of a minor order compared with recent ones and said that most of the information would be available in the telephone book.

Ruth Kelly, the Transport Secretary, who told the Commons about the breach on its penultimate day before the recess, was told only on November 28 after a data audit she had requested in her department.

The Times has been told that the agency informed Stephen Ladyman, a former junior transport minister, last June and Pearson was asked to carry out a full review of its security arrangements. Ms Kelly reported it to the Information Commissioner and he had judged the risks presented by the loss were not “substantial” as the details did not include bank account details, national insurance numbers, driving licence numbers, dates of birth, a copy of the signature or the result of the test.

The Transport Secretary also said that the disc was “formatted specifically to fit Pearson configuration” and was not easily read by third parties.

Because banking details were not included in the lost data, individuals are not being informed, she said.

But Ms Kelly apologised for anyone for any “uncertainty or concern” caused. An advice line has been set up by the agency.

Theresa Villiers, the Shadow Transport Secretary, said that the Government was failing in its duty to obey its own laws on data security and called it further evidence of a “systemic failure” in handling private data.

Ms Kelly’s surprise statement came after Alistair Darling, the Chancellor, told MPs that there was little progress in the inquiry into the loss of the two child benefit discs, despite widespread police searches and the offer of a £20,000 reward for their return.

Mr Darling said that the police had no intelligence of data falling into “the wrong hands” and banks had “no evidence of any activities suggesting evidence of fraud”.

Mr Darling said that Kieran Poynter, the PricewaterhouseCoopers chairman appointed to lead the investigation into the incident, “says his work is far from complete and his conclusions will develop as his work progresses”.

Philip Hammond, for the Conservatives, said that it had been “the most catastrophic data security breach in British history” and criticised Mr Darling’s early explanation that a junior official who had not followed the rules was responsible.

“Responsibility for systemic failure does not lie with junior staff — it lies at the very top,” he said.

“In the face of the overwhelming scale of systemic failure, this statement can only be described as a wholly inadequate response from a wholly inadequate chancellor.” Meanwhile, an efficiency review of Revenue & Customs found that “the senior leadership has not been successful in injecting pace, confidence and dynamism throughout the department”.

The top team “has more to do to demonstrate that it can take the tough decisions required to set priorities and to bring about organisational clarity”. It also needed “a robust plan” to resolve staff “uncertainty” and be clear about what Revenue & Customs would look like in the future.

On another inauspicious day for No 10 and No 11, a similar review of the Treasury found that the department commanded by Mr Darling and for ten years by Mr Brown could improve its “outcomes” if it acted with “greater humility” and in a more open and inclusive way.

Times Recommends

• Shrinking violet Gordon turns into raging bull
• Eddie Izzard: 'I keep thinking if I do all these things she'll come back'
• Is sex for the disabled the last taboo?