Morgan Stanley has warned 34,000 investment clients that their personal data may have been stolen while in transit to a government tax office.

The data was on two CD-ROMs that have been password-protected, but not encrypted. The CDs were being posted to the New York State Department of Taxation and Finance.

In a letter to customers, the bank wrote that personal information including names, addresses, income earned on investments and tax identification numbers may be compromised.

A spokesperson for the bank said that while the package arrived at the tax office intact, by the time it reached the desk of the intended recipient, the CDs were missing.

"There's no evidence that there was any criminal intent here, or actual misuse of this information," Jim Wiggins, a spokesperson for Morgan Stanley, told

The latest data breach comes as the Information Commissioner's Office criticised businesses for refusing data protection audits.