Child benefit records for 25 million people, including bank details for 7.25 million families, have been lost by HM Revenue & Customs (HMRC).

Chairman Paul Gray has resigned in what the Chancellor of the Exchequer describes as an "extremely serious failure by HMRC in its responsibility to the public".

The police are investigating the situation and banks and building societies have been alerted but so far there is no indication of fraudulent activity affecting the relevant accounts.

"Millions of people across the country will be very concerned and I deeply regret and apologise for their anxiety," said chancellor Alistair Darling told the House of Commons this afternoon.

The problem occurred when a junior official at HMRC sent CD copies of the child benefit database using the department's private postal system in response to a legitimate request from the National Audit Office. When the discs never arrived, they were re-sent – this time using registered post – and arrived as expected.

Darling was keen to emphasise that the officials actions were not in line with departmental procedures.

"The way this was handled was inexcusable - HMRC has well laid down and established procedures which were breached," he said.

The government has been in consultation with the Information Commissioner since the problem first came to light but it is highly likely that the Data Protection Act has been broken.

Shadow chancellor George Osborne called the situation a "catastrophic mistake ".

"What is the point of passing laws to protect people's personal information if they are not even enforced in the heart of government?" he said.

The government says procedures at HMRC are now being reviewed – including senior management approval needed to downloading from any databases.

But the breach is the third time this autumn that the department has lost citizen data. In September 15,000 records went missing and a laptop with 4000 people's information on it was stolen from a car.

Pricewaterhousecoopers chairman Kieran Poynter has been asked to investigate HRMC's data handling and is to produce an interim report in the next month and full conclusions in the Spring. In the short term, all staff have been instructed that downloading from departmental databases is only allowed with express permission from senior management.