The disks were protected by a password, the government said, but were not encrypted. They were sent by Her Majesty’s Revenue and Customs, the country’s tax collection agency, to the National Audit Office, which monitors government spending, via a parcel delivery company, TNT.

According to the chancellor of the Exchequer, Alistair Darling, who delivered a lengthy explanation to the House of Commons on Tuesday, a “junior” staff member sent the disks. Three weeks later, the tax agency’s managers were informed that the disks had not arrived. Mr. Darling said he was told of the problem two days later, but first had law enforcement officials hunt for the disks and then alerted banks.

“In making this statement today,” he said, “I have had to balance the imperative of informing the House and the public at the earliest opportunity, whilst at the same time ensuring that when I did so the appropriate safeguards were in place to protect the public, including in relation to bank accounts. Indeed the banks were adamant that they wanted as much time as possible to prepare for this announcement.”

But on Wednesday, a spokeswoman for the British Bankers Association, Lesley McLeod, said the group had been informed only on Friday, and that its security measures had been completed by Monday.

Mr. Darling noted two other instances in which the tax agency had sent delicate information to the National Audit Office that were not in keeping with security rules: first in March this year, and then a second time in October, when the audit office first told the tax agency that the two disks had not arrived. Those, he said, were sent by registered mail, and did arrive. Experts on security data said there were signs of systemic security problems.

“It sort of beggars belief how anyone could have access to that data,” Simon Zimmo, the commercial director for Europe, the Middle East and Africa at SecuriData, a data security specialist based in Scotland.

Experts said the information could allow crimes beyond identity theft. Some people use the name of a child or part of an address as a password on a bank account, so the combination of these details could allow someone to break their code.

“You can bet your bottom dollar that there will be people out there looking for those disks, and it’s not just MI5 trying to get them back,” said Mike Davis, an analyst with the Ovum technology consulting firm in London, referring to the British domestic security services.