The Prime Minister listened solemnly as his Chancellor, Alistair Darling, laid bare a bureaucratic bungle on an unprecedented scale.
To gasps from MPs, he told how 25 million people might be affected after HM Revenue and Customs (HMRC) lost a copy of its entire child benefits database. He urged people to monitor bank accounts "for unusual activity". Opposition MPs said it was a potential "betrayal of every family in the land".
Scotland Yard is investigating how two CDs containing sensitive information about 7.25 million families - including details about the Prime Minister - went missing last month. Although there was no evidence the information had been obtained by fraudsters, the lapse triggered questions over the role of the Treasury and the Chancellor.
The loss of the data led to the resignation of Paul Gray, the HMRC chairman, and put Mr Darling under renewed fire.
Mr Gray's position had already become shaky following the tax credits' fiasco, after millions of poorer families had been forced to pay back money after administrative errors.
The latest blunder was blamed on a junior official, who copied the information and sent it via a TNT courier, rather than by recorded delivery, breaking all departmental rules.
The fallout from that came barely 24 hours after Mr Darling was forced to make a statement on the mortgage bank Northern Rock, giving assurances that taxpayers' 40 billion liability, including a 24 billion loan, would be repaid.
The Chancellor is not being held personally responsible for the lost CD error - largely because of a "firewall" protecting details held by HMRC from being handled by the Treasury.
Among those whose security details could be compromised are up to 605,000 Scottish families.
Richard Thomas, the Information Commissioner, described it as a wholesale loss of data on an "unprecedented" scale in the UK.
Demanding new powers to prosecute those who breach data-protection laws, he said: "I was deeply disturbed. This is a very serious security breach, but I have warned several times this year about the importance of all organisations taking security seriously."
Political opponents blamed the glitch on the Prime Minister's instructions to cut HMRC 25,000 staff, and challenged the government's credibility.
Mr Darling told the Commons that he "deeply regretted" any security breaches. "This information should not have been downloaded in the way that it was, and it certainly should not have been sent in the way that it was," he said.
"HMRC has clear instructions and procedures. The problem here was the individuals concerned ignored these instructions. That's what we need to make sure doesn't happen in the future. Our priority is to find this data - searches have been carried out, staff are being interviewed, but the missing data has not been found."
Mr Darling added: "I realise millions of people across the country will be very concerned, and I apologise for the anxiety that will be caused."
Political opponents seized on the latest crisis to attack the Treasury. George Osborne, the shadow chancellor, stopped short of asking for Mr Darling's resignation, but said: "There are 25 million people whose personal details now have been lost by this government. Never mind the vision - just get a grip and deliver basic competence."
Treasury officials had suggested the fault lay entirely with the junior official who had bypassed protocol, but Mr Osborne insisted that it was a government, not a Whitehall, problem.
Vince Cable, the Liberal Democrats' acting leader and Treasury spokesman, went further, saying: "The Treasury and its agencies have replaced the Home Office as the department in government which is most 'unfit for purpose'.
"It was the Prime Minister who created the dysfunctional organisation and systems which the Chancellor inherited. Where does the buck stop?"
His jibe was aimed at the departmental overhaul that occurred when the Inland Revenue merged with Customs. Under Mr Brown's instructions, the new super-department was ordered to shed 25,000 staff. It has no separate minister presiding over it, although it comes under the Chancellor's jurisdiction.
Alistair Carmichael, the Lib Dem spokesman on Scotland, said: "This shows a terrifying level of incompetence on the part of a department entrusted with extremely sensitive data. It is mind-boggling that junior officials... have the ability to download the files of 605,000 Scottish families on to insecure CDs."
Stewart Hosie, the SNP's Treasury spokesman, said the Chancellor's credibility had been lost along with 25 million records. "This is a catastrophic breach of security and a fundamental betrayal of trust with every family in the land," he said.
The controversial identity card scheme - which Mr Brown has refused to drop - has also been called into question. Opponents say the breach showed that the government could not be trusted with even-more sensitive biometric data required for the ID system.
The controversy comes after Mr Brown's lowest personal approval ratings in a poll over the weekend. A month ago, at the height of his "honeymoon", 59 per cent of those surveyed by You Gov thought the he was doing a good job. By this week, that had dropped to 33 per cent.
In another blow to the government, shares in Northern Rock had to be suspended several times yesterday as fears grew over whether the taxpayer loan of 24 billion will be repaid. Although the Treasury is quietly seeking either a private buyer or a temporary nationalisation, Mr Darling's assurances have failed to placate market jitters.
There was further bad news for the Treasury when it was revealed it had a much lower than forecast lending surplus of 1 billion last month, compared with a predicted 3 billion. Net borrowing was 24.4 billion, 6 billion more than at the same time last year.
A spokeswoman for Mr Brown said the Prime Minister retained "full confidence" in Mr Darling who, she said, had not offered his resignation. He is also useful in taking the heat off the Prime Minister.
In the early days of his premiership, Mr Brown seemed to thrive on crises, as his ratings soared amid his handling of the bomb plots in Glasgow and London. He was then hit by floods and the foot-and-mouth crisis, which also boosted his popularity and reputation.
His honeymoon period peaked during Labour's conference in September, when he enjoyed a double-digit poll lead. This was wiped out, however, as he allowed speculation over a looming general election to spiral out of control. When he finally confirmed that there would be no poll, opponents accused him of bottling it.
The Home Office, known as the most problem-prone department in Whitehall, then dealt Mr Brown two further headaches: first with the revelation that thousands more migrants had come to Britain than previously predicted, then with the news that illegal immigrants had been cleared to work as security guards for the government.
On Monday, the Prime Minister's spokesman had hinted that Mr Brown was jinxed and would stay away from England's match against Croatia tonight, after cheering Scotland to defeat over the weekend. Last night, it looked like less of a joke and more of a serious statement.
WHAT THEY'VE GOT ON YOU
THE government holds more personal information on the public than ever. Concerns have now been raised that this information is at risk from fraud or hackers.
Here are some of the key databases the government holds, or intends to hold.
• CHILD BENEFIT DATABASE: Held by HM Revenue and Customs, this is at the centre of the controversy. It holds the details of all Child Benefit recipients - 25 million individuals, and 7.25 million families.
• NATIONAL IDENTITY REGISTER: The most controversial of the government's databases, it is linked to the introduction of identity cards and forms part of the National Identity Scheme. The register consists of data systems that will hold personal details such as name, address, date and place of birth as well as iris patterns and facial images. Public and private groups will be able to check the information to help them establish the identity of their customers and staff.
• UK DNA DATABASE: The world's largest database, holding some four million profiles. It is adding 30,000 profiles a month. Anyone arrested for an imprisonable offence can have a sample taken without consent. It also holds samples taken from crime scenes by police. Recent figures showed 108 children under the age of ten were on the system.
• NHS ELECTRONIC PATIENTS RECORD SYSTEM:
Part of the government's 12.4 billion National Programme for IT, this aims to put all patient records online in a mass database.
Q & A: MISSING INFORMATION AND THE RISK OF FRAUD
What information was on the discs?
Details of people claiming child benefit, including names, addresses, dates of birth, child benefit numbers, National Insurance numbers and bank or building society account details, as well as the names and dates of birth of children for whom the benefit is being claimed.
Does this mean I could now be a victim of identity theft?
All of these details would be useful to a fraudster trying to commit identity theft. Alistair Darling, the Chancellor, last night said the police were investigating, and so far there was no evidence the data had fallen into criminal hands.
Should I close my account and change my security details?
No, there is no evidence of any suspicious activity on the accounts in question. The details lost are also not sufficient to enable someone to access your bank account.
However, HMRC is advising people who use any personal data, such as a child's name or date of birth in their password, to consider changing it.
Do I need to contact my bank or building society?
Not unless you see a transaction in your account that you did not authorise.
Is the missing data of any use to a fraudster?
Yes, while the details themselves will not enable anyone to access people's bank accounts, the information could help them to commit account takeover fraud, although additional information would be needed. There is also a risk the details could be used to set up credit agreements, such as a credit card, loan or mobile phone account in someone else's name.
What should I do if I notice something unusual with my account?
Contact your bank immediately. If you discover an account has been opened in your name with a bank or other company that you have not had any dealings with, contact them immediately and inform the police.
What can I do to protect my account?
People should be vigilant to the possibility of identity fraud, checking their statements carefully and informing their bank immediately if they spot any unauthorised transactions.
In the longer term, people should be careful about how they dispose of personal data and should regularly change any online passwords they use and monitor their credit reports to see if any unauthorised searches have been made.
Will the government accept responsibility for any financial losses?
Jane Kennedy, the financial secretary at the Treasury, last night refused to be drawn on whether the government would be liable for any loss of money.
Where can I get more advice?
HM Revenue and Customs has set up a child benefit helpline on 0845 302 1444.
Debacle is 'final blow' for national ID cards
CONTROVERSIAL plans to introduce identity cards have been dealt a devastating blow by the government's inability to keep personal information safe, campaigners claimed last night.
The government wants to spend at least 5.8 billion compiling the personal information of every person in Britain for new ID cards
But after it admitted losing the personal information of 25 million people yesterday, the plan came under fire.
Phil Booth, the national co-ordinator of the NO2ID campaign against identity cards, questioned how the government could be trusted with more personal information. He said: "This data disaster shows up the madness behind the government's ID schemes.
"It's bad enough that HMRC can't be trusted with basic financial details. But within five years, the Home Office could be leaking or losing people's complete identity records.
"Development of the National Identity Scheme should stop now. But more than that, we all need to know what information the government holds about us now, how it is already being shared among departments, and what the dangers are.
"That will only happen if there is a full and independent audit of what personal information is currently collected and the ways it is used."
George Osborne, the shadow chancellor, said the scandal was the "final blow for the ambitions of this government to create a national ID card".
He added: "They simply cannot be trusted with people's personal information."
Vince Cable, the acting Liberal Democrat leader, said that the public has lost confidence in the government's ability to use information.
However, Alistair Darling, the Chancellor, claimed information on ID cards would be protected. He said: "The key thing about ID cards, of course, is it means that information is protected by personal biometric information. The problem at the moment is, because we don't have that protection, information is much more vulnerable than it should be."
Package contained information of over 7.2 million families
THE package the junior customs official handed to the courier on 18 October was externally innocuous - two regular compact discs, the like of which cost only a nominal amount to produce and which litter desks and homes across the country.
It was the information they contained which was of value and it would be more than two months later, when it emerged they were missing, that the true political, economic and social cost to the country would become clear.
The discs were filled with the HMRC's entire database on child benefit payments - the personal data of 7.2 million families - virtually every family with a child under 16. It could include more than 600,000 households north of the Border.
The password-protected, but not encrypted, discs included names, addresses, dates of birth, Child Benefit numbers, National Insurance numbers and bank or building society account details.
HMRC had previously used a courier to transport the information to the National Audit Office (NAO), in March, and was warned this was breaching procedures.
But following another request from the NAO two months later, a junior member of staff repeated the exercise. The package was sent by TNT couriers, which operates HMRC's postal system, but was never recorded or registered - and never arrived. On 24 October, the NAO told HMRC it had not received the data, but the junior official, thinking it was delayed by postal strikes or in the NAO's office move, did not tell senior officials.
A further copy of the data was sent, this time by registered post, which did arrive.
Senior officials at HMRC only learned of the disappearance on 8 November, and passed this on to Mr Darling two days later.
The Chancellor then instructed searches - ultimately fruitless - of where the missing data might be found.
He also informed the Prime Minister and on 14 November told Paul Gray, chairman of HRMC, to call in the police.
He also consulted with the Information Commissioner Richard Thomas, who agreed remedial action was needed before a public statement. At about that time Mr Gray approached the Chancellor to say he planned to resign.
Banks and building societies were alerted to possible consequences on Monday and HMRC has brought in changes to its security procedures, including requiring a senior manager to provide written authorisation for information transfers.
Now it is understood Metropolitan Police officers have searched a child benefit office in Tyne and Wear.
Mr Darling, who has also sought advice from the Financial Services Authority and Serious Organised Crime Agency, said police had no evidence the information "has found its way into the wrong hands".
He urged those affected to monitor their bank accounts for any suspicious activity and gave assurances no innocent parties would suffer any financial loss.