The personal information of 25 million people stored on the missing computer discs is enough for criminals to steal goods and money worth hundreds of millions of pounds, experts said yesterday.

Armed with names, addresses, dates of birth, child benefit numbers, national insurance numbers and bank or building society account details, fraudsters have enough information to create bank accounts online and then spend any loans that they take out.

With social engineering – where criminals ring up a bank’s staff and pretend not to remember their password – they can also hack into the accounts of the people whose details have gone missing.

As many people use their children’s names as online passwords, the information the criminals need to access the accounts has already been handed to them.

Q&A: how can I protect myself?

Advice for anyone who fears their personal data may be misused by fraudsters after Britain's worst ever security breach

• Government under pressure over taxman's giant blunder

Related Internet Links

• Online security: full coverage

Background

• Police step in as other CDs have gone astray

• Moment’s blunder puts half the country at risk

• Data watchdog seeks dawn-raid powers

• New data law 'urgently needed'

Related Links

• Blunder leaves 25 million exposed to ID fraud risk

• Pressure on Government over taxman's blunder

At the very least they would be able to order credit cards and spend thousands of pounds on each one. Alternatively, they could sell the credit cards for £100 a time.

According to figures published by the Home Office in February last year, the official estimate of identity fraud is £1.7 billion, but this is not exact and experts say that it could be a lot more.

David Hill, senior security consultant at red24, a global personal security agency, said: “If this information fell into the hands of a fraudster they would need nothing more to hack into accounts because they have been given everything they need.

“Having a national insurance number is as good as having a passport.

“Even though they do not have a password it is not very difficult for a good criminal to get this by persuading bank staff they have just forgotten it or by trial and error.

“Even if they cannot get into your account they can open one up in your name and buy goods with it. This will have an additional cost as someone has to pay for this fraud when it is discovered.”

Mr Hill, who is the former head of Gwent CID and was commander of the western area of the National Crime Squad, added: “If they do need extra information, like mother’s maiden name, they can easily get it from a birth certificate.

“To simply send this information through the post is grossly incompetent. There are 25 million people whose details have been lost – imagine if criminals get this information and only take £10 from each person.”

According to figures released by Cifas, the fraud prevention service, identity fraud accounts for a criminal cashflow of £10 million a day.

There are proven links between identity fraud and organised crime and it can aid criminals involved in illegal immigration, drug trafficking and money laundering.

In the 12 months to March, about 2,500 fraudulent applications for driving licences were detected by the Driver and Vehicle Licensing Agency.

Neil Munro, external affairs director of Equifax, the credit reference agency, said: “This is probably the biggest incident of its kind we’ve ever come across – it’s a security breach on a stellar scale. If names, addresses and dates of birth fall into wrong hands then that is a problem – but this includes bank account details as well, and that is even more dangerous.”

He said that people should not panic but they should keep a close eye on their accounts and monitor any expenditure.

Explore UK News

• Crime News

• Education News

• Health News

• Science News

• Scotland News

Times Recommends

• The day they dropped a bomb on the banks
• Methodist minister sent herself hate mail
• Japanese insect to be used to fight knotweed