Police have arrested two people in Nottinghamshire over the leak of the BNP membership list on the internet.

The arrests came as part of an investigation by the Welsh police, who are in charge of the case, and the information commissioner's office.

Police said the pair, who have not been named, were held in connection with alleged offences under the Data Protection Act.

A spokesman for Dyfed Powys police said: "We can confirm that last night Nottinghamshire police arrested two people as part of a joint investigation with Dyfed Powys police and the information commissioner's office in conjunction with alleged criminal offences under the Data Protection Act.

"The arrests followed an investigation into a complaint received about the unauthorised release of the BNP party membership list."

The revelation of the party's 13,500-strong membership list last month caused an uproar after thousands of people were identified as supporters of the far right. The exposure left many facing the risk of dismissal from work, disciplinary action or vilification.

The list, which was thought to include those who had expressed an interest in the party but had not signed up, included the names of police officers, solicitors, a doctor and a number of teachers. As well as names and addresses, the list included details such as home and mobile phone numbers and email addresses.

The BNP said the list dated from 2007 and some people on it were no longer members.

The party leader, Nick Griffin, claimed that he knew the identity of the person who published the list, describing him as a "hardliner" senior employee who left the party last year.

The BNP is known to go to considerable lengths to conceal the identities of its members. Membership lists are held on computer spreadsheets, usually by an official based in York. Limited lists are sent to local organisers as encrypted attachments to emails that can be accessed only by officials who have been given a password.