The HM Revenue & Customs (HMRC) data loss fiasco is a warning to all government departments, according to Information Commissioner Richard Thomas.

The loss of 25 million child benefit records described by the Chancellor yesterday as an "extremely serious failure" in the department's responsibility to the public is the third security lapse under investigation by the data protection watchdog.

More than 15,000 records were lost earlier this month when a couriered disc went astray, and in October more than 4000 people's details were mislaid when a laptop was stolen from a car.

"We are already investigating two other breaches at HMRC – the alarm bells must now ring in every organisation about the risks of not protecting people’s personal information properly," said Thomas.

The latest problem occurred when a junior official at HMRC sent CD copies of the child benefit database using the department's private postal system after a request from the National Audit Office – breaching strict HMRC procedures.

When the discs never arrived, they were re-sent – this time using registered post – and arrived as expected.

HMRC did report the breach to the Information Commissioner's Office, and an independent review of the breach will be carried out by Price Waterhouse Coopers.