The details of up to 3,000 patients have been lost after a laptop was stolen from a GP surgery in Newport.
The computer contains clinic lists including names, addresses, dates of birth and telephone numbers. It went missing on 5 November from St Julian's GP surgery in Newport, but patients were not immediately informed.
There was no medical information or national insurance numbers on the computer, according to Hugh Ross, chief executive of Cardiff and Vale NHS Trust, and he said it was protected by three levels of security.
Ross confirmed the details of 950 patients had definitely gone missing, but said on BBC1's Dragon's Eye programme that as many as 2,000 to 3,000 patients could be on there. He said in a statement, "It is possible that further patient records, which were due to be deleted, may still be stored on the computer. The Trust has no way of knowing if this is the case unless the laptop can be recovered."
The 950 patients were taking part in a screening service for people with eye problems, and their data also linked to an image of their retina.
Ross added an internal investigation would be carried out into the Trust's security measures, and that local police had been informed when the computer was found to be missing.
The theft comes amid a raft of admissions from government departments about lost or stolen data, leading to increasing fears over the safety of public data held by government.
Paul Malcolm, general manager of healthcare supplier Sentillion, said, "It is vital that the right technologies and policies are being put in place to ensure that data is adequately protected."