COPENHAGEN (Reuters) - Sensitive health information about almost the entire population of Denmark ended up in the wrong hands when a letter by mistake was sent to a Chinese visa office in Copenhagen, the Danish Data Protection Agency said on Wednesday.

The incident happened when two unencrypted CDs containing the data was sent last year by the Serum Institute, a public enterprise under the Danish health ministry, in an envelope to the country’s statistics office.

However, the envelope ended up instead at the Chinese Visa Application Service Centre in Copenhagen, a few hundred meters from the statistics office.

The letter contained information on cancer, diabetes and psychiatric diagnoses as well as other data such as social security numbers, according to documents seen by Reuters.

When a visa centre employee delivered the letter to the intended address, it had been opened, the agency said in a statement.

The “sensitive personal data” of about 5.3 million individuals living in Denmark between 2010 and 2012 was of “very comprehensive nature,” the agency said.

The visa centre is, according to its website, operated by a wholly owned unit of state-controlled Bank of China.