Defence Secretary Des Browne says a probe into the loss of a laptop with details of 600,000 people has uncovered two similar thefts since 2005.
One of the laptops was stolen in Birmingham on 9 January
The two laptops held similar data to one stolen from a Royal Navy recruiting officer in Birmingham but on fewer people, Mr Browne told MPs.
Shadow defence secretary Liam Fox called it a "dreadful mess".
The head of the Civil Service has told Whitehall staff not to remove laptops with sensitive data from their offices.
In his statement, the defence secretary announced a full investigation "into how these weaknesses came about" by Sir Edmund Burton, chairman of the Information Advisory Council.
The theft in Birmingham, which sparked the internal inquiry, came after the naval officer failed to follow security procedures, Mr Browne said.
He said data on the laptop stolen in Edgbaston on 9 January included passport, National Insurance and driver's licence numbers, family details and NHS numbers for about 153,000 people who applied to join the armed forces.
Banking details were also included for around 3,700 people, he said. Letters are being sent to all involved.
Ministers were informed on 14 January that the information was not encrypted. The police were called and all similar laptops were recalled within the next four days.
"It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or, indeed, why the database retains this information at all," said Mr Browne.
He said the intelligence services had told him there was no indication that the unencrypted files had fallen into the hands of extremists, but it could not be ruled out.
Action is being considered against the officer concerned and following an internal Royal Navy investigation "steps are being taken to prevent a reoccurrence" of the incident, Mr Browne said.
He also disclosed that "two further laptops, potentially containing similar data" had been stolen since 2005 - and neither was encrypted.
A Royal Navy laptop stolen from a car in Manchester in October 2006 contained unencrypted details of at least 500 people.
And an army recruiting laptop was stolen from a careers office in Edinburgh in December 2005.
"There's nothing to suggest that the earlier thefts have been exploited for criminal purposes," said Mr Browne.
But he stressed: "Our internal investigation has identified weaknesses in the application of MoD security procedures to this database.
"It is clear that the database files were not encrypted, in breach of MoD procedures."
Child benefit data
The new rule on laptops comes in an e-mail from the Civil Service chief, Cabinet Secretary Sir Gus O'Donnell, to all government departments.
It said: "From now on, no unencrypted laptops or drives containing personal data should be taken outside secured office premises.
"Please ensure that this is communicated throughout your organisation and delivery bodies and implemented immediately, and that steps are taken to monitor compliance."
Dr Fox, for the Tories, said the incident showed "incompetence, mismanagement and poor procedures" on the part of the authorities.
He said it was potentially more damaging than HM Revenue and Customs' loss of 25 million people's child benefit details.
"Clearly we don't know what risks will be faced by those on the databases - it will depend on whose hands it has fallen into," he said.
"But to put our troops and the public at risk in this way is unforgivable because this seems like a systemic failure, not a single act of incompetence or irresponsibility."
Dr Fox said some 68 MoD laptops had been stolen in 2007, 66 in 2006, 40 in 2005 and 173 in 2004.
"What on earth is going on? How much information on our service personnel is floating around out there? Most importantly, why has nothing been done about it?"