The revelation was published by The Mail on Sunday, and is based partial information - a sample of the stolen files - provided by a whistleblower that wants the affected customers to be warned and wary of cold calls made by unscrupulous traders.
The stolen records apparently contain the customers' name, date of birth, national insurance number, address, phone number, passport number, employment status, occupation, earnings, extensive financial status information as well as a summary of their attitude to financial risk, their financial goals, and even some information about their health and private interests.
The whistleblower - a former commodity broker - says that each record was priced around £50 ($82), and that many traders have opted to buy some of the files.
The whistleblower became aware of the existence of the files in September 2013 when he was asked by the boss of the brokerage firm he was working for to sell the leads to other brokerages for £8 per file, as they were "done" with them. Apparently, this particular firm started using these files on December 2012, so the breach is definitely old.
It is still unclear how the records were stolen - chances are it's an insider - and the bank has initiated an investigation after The Mail published the report. Still, it seems unbelievable that the bank hasn't suspected anything for such a long time.
Whatever the case may be, they are investigating now, and they have contacted the Information Commissioner and other regulators immediately upon being appraised of the situation.
Initial results indicate that the stole information belongs to customers linked to the bank's Financial Planning business that was shut down in 2011.
The affected customers will, of course, be notified directly of the dangers they face, and the question now remains how much will the bank be fined for failing to protect the information, and what effect this revelation will have on its customers' trust.