More than 100 websites have been found selling account information for UK bank customers, including account details, Pins and security codes.
UK Information Commissioner Richard Thomas has called for an immediate investigation after The Times claimed that it had been able to download the information for 32 UK customers.
One individual was reportedly willing to sell up to 30,000 British credit card numbers for as little as £1 each.
An Information Commission spokesman said that the details on sale seemed to be for active accounts and could be enough for someone to spend money online.
Brian Spector, general manager at information security company Workshare, warned that the government had to act now.
"As major security breaches make their mark on the UK's consciousness, the true cost of a data breach is being revealed. Millions of people are at risk of fraud as their details are made available online for as little as £1," he said.
"We strongly believe that the government should introduce more stringent data breach laws and prosecute any organisation which takes such a laissez faire approach to protecting customer data."
Spector added that there is no excuse for major data breaches as the technology is available to enforce security policies to prevent leaks from occurring.
"But without punitive measures in place for breaches, organisations will sadly continue to adopt this 'it won't happen to me' attitude," he said.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France