Barclays owned credit-card firm Goldfish has sent the wrong account details to customers after a processing error at the printer the company uses to process statements.
The company said a processing error meant the statements were printed incorrectly. The front page was correct, but subsequent pages contained the account information of other people.
"Customers will be receiving a correct statement within the next few days, as well as a letter of apology. We are taking steps to ensure that this does not happen again," said Goldfish in a statement.
A spokesman from the Information Commissioner's Office (ICO) said it was investigating the matter.
"We are looking in to this incident and will require an explanation of what has gone wrong and the steps that are being taken to prevent a similar data breach in the future. The ICO has powers to take enforcement action against organisations which fail to meet their obligations under the Data Protection Act," it said.
The incident has highlighted the importance of financial services firms checking the processes and procedures of companies to which they outsource back office functions.
According to the Financial Service Authority's (FSA) Data Security in Financial Services 2008 report, which analysed 39 companies across the sector, nearly all firms questioned rely on IT support from third parties.
The financial services watchdog said it was a "major concern" that firms are not checking that outsourcing suppliers have the right IT security and policies in place for handling their customers' details.
Goldfish is not the first financial services firm to mix up the details of its customers in the printing and processing of customer correspondence. In November, Allied Irish Bank (AIB) sent 15,000 payment advice slips to the wrong addresses following a technical problem.