The information contained on a memory stick was not encrypted
A company which lost the details of thousands of criminals held on a computer memory stick has had its £1.5m contract terminated after an inquiry.
Home Secretary Jacqui Smith said PA Consulting had lost the data after it was transferred securely to the firm.
PA Consulting apologised for the loss of data and said it had accepted its "responsibilities".
The work had now been taken in-house and PA Consulting's other Home Office contracts, worth £8m, are under review.
The Cabinet Office will also launch a review of all contracts signed by the government with private companies to ensure they were "appropriate", said Ms Smith.
"Our contract had stipulated the sort of security provisions that needed to be in place and that had not happened," added the home secretary.
"We are cancelling this contract and we are urgently reviewing the way in which PA Consulting are meeting the requirements of other contracts we have with them.
"Our investigation has demonstrated that while the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost."
Nov 2007: 25m people's child benefit details, held on two discs
Dec 2007: 7,685 Northern Ireland drivers' details
Dec 2007: 3m learner drivers' details lost in US
Jan 2008: 600,000 people's details lost on Navy officer's stolen laptop
June 2008: Six laptops holding 20,000 patients' details stolen from hospital
July 2008: MoD reveals 658 laptops stolen in four years
She said the memory stick had not been encrypted or "managed properly" and had not been found despite extensive searches.
Cancelling the contract will not cost the taxpayer and any expenses incurred will have to be met by PA Consulting, Ms Smith said.
The memory stick contained un-encrypted details about 10,000 prolific offenders as well as names, dates of births and some release date of all 84,000 prisoners in England and Wales - and 33,000 records from the police national computer.
It also carried the initials of people on drug treatment programmes.
The stick was left in an unlocked drawer in an unsecured office at its offices in Victoria, central London.
The loss led to fears prisoners would attempt to claim compensation but Ms Smith reassured MPs that "appropriate measures are in place for individuals seeking information about the data held on them".
Critics say the mistake raises further doubts about the government's controversial ID card project, in which PA Consulting is involved.
Ms Smith said: "The inquiry that we have carried out ... suggests that the most likely thing to have happened was that the data stick was pilfered or lost.
"I think (PA Consulting) recognise that what they have done is against the terms of their contract."
In its first public statement on the data loss incident, a spokesman for PA Consulting said: "The loss of data on this project was caused by human failure, a single employee was in breach of PA's well-established information security processes.
"We deeply regret this human failure and apologise unreservedly to the Home Office."
He said the firm had carried out an examination of all of its government and private sector projects which handle sensitive data and had found, apart from that one incident, "we are fully compliant with robust policies and procedures".
Shadow home secretary Dominic Grieve said the data loss was just the "latest in a long list of fiascos, based on government's careless approach to data management" and it was not good enough to "pass the buck".
"These serial failures are the result of flawed ministerial strategy," he added, saying the ID card scheme should be scrapped.
Liberal Democrat home affairs spokesman Tom Brake also accused ministers of trying to escape criticism for data losses by "making scapegoats out of private companies".
"The government has proved it cannot be trusted with even basic information, let alone with something as intrusive and excessive as the ID cards scheme," he said.
At the weekend, it emerged that another private contractor, EDS, mislaid a computer disc carrying personal details of thousands of employees of the National Offender Management Service in July last year.