Germany's biggest breach of banking details is a wake-up call to all organisations handling personal data, say security experts.
At the weekend a German economic magazine reported that cybercriminals were offering 21 million bank account details for sale at around £10m.
Journalists from the magazine WirtschaftsWoche claim to have received a sample CD containing 1.2 million bank account details after posing as buyers.
The sample CD contained details such as names, addresses, phone numbers, dates of birth and bank account numbers.
The data is believed to have been collected from call centre employees, the magazine said.
Graham Cluley, senior technology consultant, at IT security firm Sophos said all companies need to pay proper attention to restricting access to data.
"If this can happen in Germany, it could happen in the UK too," Graham Cluley said.
Not enough organisations are taking appropriate steps to ensure sensitive data is secure, said Cluley.
This kind of targeted data theft is a much bigger concern than when data is lost accidentally, said Guy Bunker, chief scientist at security firm Symantec.
When CDs containing data are lost, it will not necessarily be exploited because not everyone would know how to do that, Guy Bunker said.
When data is stolen, said Bunker, it is usually channelled through the distribution network of the underground economy and it is much more likely to be used to commit other crimes.
All data loss remains a concern, he said, because although inadvertent losses may not lead to other crimes, it will damage the reputation of companies to look after data properly and that could lead to customers going elsewhere.