Personal information on 500 staff at Cornwall's Eden Project was on a laptop stolen from the car of an employee at Moorepay, the company that handles the project’s payroll.
The data stolen on 1 June included names, addresses, bank details and pay rates of the staff.
“Suffice to say we are appalled at the lapse of security and are making sure that our personal data is never put in such a vulnerable position again," said Eden Project chief executive Tim Smit.
Poor laptop security has been highlighted in several high-profile data losses recently, with the NHS, Marks & Spencer and Southend council among those affected. Data security breaches involving third-party firms have also hit the headlines, most notably at HBOS and Worcestershire council, where contractor Serco agreed to pay costs.
The Nationwide building society was fined nearly £1m by the Financial Services Authority after the theft of a laptop containing customer data from an employee’s house.
Jamie Cowpe, of security firm PGP warned: "Enterprises need to be more cautious regarding third party companies that they share sensitive information such as payroll details with. Without a thorough assessment of the threat status of companies such as Moorepay, existing security policies can easily be rendered useless.
“Despite the fact that laptop thefts continue to occur, many companies are still ignoring their responsibilities towards stakeholders' personal information,” he said.
Read related articles Anyone seen my laptop?