The financial details of up to 54,000 people have mistakenly been released on the internet by Newcastle City Council.
Bosses at the authority admitted the blunder, but said there was no indication of any fraud or misuse.
The error came to light on 19 July after the authority hired an independent expert to test its systems.
It emerged that thousands of credit and debit card transaction details were placed on an insecure server and accessed by overseas computers.
The data file included transactions made between February 2006 and April 2007.
They included payments for council tax, business rates, parking fines and rents.
Residents are now being urged to monitor bank statements carefully in case of any future attempted fraud.
Details of card payments for other services at leisure centres, tourist information centres, museums, theatres and galleries have not been compromised.
The authority said only sophisticated encryption technology would be able to access the data and that no PIN numbers were included in the file.
A full investigation is under way and banks and the police have been informed.
Council leader John Shipley said: "This is an extremely serious breach, which I was shocked to hear about.
"On learning of this for the first time, the chief executive immediately ordered an urgent and thorough investigation, with the police and independent security experts.
"Also, straight away he put in place additional measures to strengthen security."
Chief executive Ian Stratford added: "We are now fully confident that our systems are properly robust, so we are continuing to receive payments by credit and debit cards.
"We very much regret that this situation has developed, although we would again stress that there has been no indication of any fraud or loss, and that we spotted this situation through the thoroughness of our own security and checking systems."