LONDON (AP) — A computer containing banking security details of more than 1 million people has been sold on eBay, bank officials said Tuesday — the latest in a series of losses of personal data in the U.K.

The Royal Bank of Scotland acknowledged that a machine belonging to archiving company Graphic Data and sold "inappropriately to a third party" had information on credit card applications from some RBS customers and data from other banks. The computer contained account numbers, passwords, mobile telephone numbers and signatures.

"We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency," RBS said in a statement.

A former employee from Graphic Data sold a computer server used by the company on eBay without wiping the internal hard drive, said Nicole Morgan, a spokeswoman for MailSource UK, which now owns Graphic Data.

The buyer, Andrew Chapman, said he found the data when he looked at the machine's hard disk.

"I was appalled when I found the bank account information. That sort of thing shouldn't have been listed on there," he said. "It would have been possibly quite easy to find if you know something about computers."

The security breach became known when Chapman found the information and contacted authorities.

Britain's Information Commissioner's Office, the government agency responsible for protecting people's privacy, has launched an investigation into the incident.

"We are now investigating this potential data breach and will be seeking an urgent explanation from Graphic Data to establish what has gone wrong and the steps that are being taken to prevent a similar incident occurring," the information watchdog said in a statement.

Morgan said MailSource UK, based in Richmond Upon Thames in southeast England,is investigating what happened.

"The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed," she said. "This incident is extremely regrettable and we're taking every possible step to retrieve the data and ensure this is an isolated incident."

eBay said the auction site has not yet managed to contact the buyer or seller.

"We have not seen the listing ourselves, but we do recommend people wipe hard discs before they sell computers," said spokeswoman Jenny Thomas. "We would not allow someone to openly sell bank details on our site but this seems to have been a genuine mistake."

Banks in Britain are obligated under the Data Protection Act to secure personal information. But banking and other highly sensitive information is being lost with increasing frequency.

Last year, Nationwide Building Society was fined nearly 1 million pounds after a laptop containing private customer data was stolen from an employee's home.

The breach comes after several high profile cases involving the loss of data by government agencies. Last week, a contractor lost a memory device containing information on prison inmates in England and Wales and in June, two sets of secret government files on terror tactics were left on commuter trains. The most dramatic data loss occurred in November when tax officials also admitted they had lost computer discs containing banking information on 25 million people — nearly half the country's population.

American Express also issued a statement saying an investigation was under way to determine whether any of its customers were affected.