Glasgow City Council has said it plans to write to 38,000 customers, businesses and citizens after an unencrypted laptop containing sensitive data was stolen from its offices a fortnight ago.
The Council said it believed the machine was stolen on 28 May from its Cochrane Street offices during a break-in, compromising the security of 17,692 companies and 20,143 individuals.
The majority of the data was names and addresses but 16,451 customers (10,382 companies and 6069 individuals) of the records included bank account details. Thousands of the records also related to Glasgow citizens in receipt of winter fuel payments.
"We are in the process of writing to the people affected by this theft to alert them to the data loss and offer them advice about what steps they might need to take," a council spokesperson told the BBC.
"We've also provided them with a phone number they can use to contact us if they have any questions."
Because the laptop was stolen from inside a building rather than lost outside it, the ICO might view the lack of encryption in a more benevolent light. The only security applied to the machine was a boot or application password, no barrier to a determined hacker.
Counting against the Council, however, will be its 2009 loss of an unencrypted USB stick containing data on local sex offenders, victims, case officers and witnesses, which earned it an ICO enforcement notice.