An investigation has been launched into claims that millions of people's pension pot details are being sold to criminals for as little as 5p.
Pensioners' salaries, the value of their investments and the size of their pensions are being sold without their consent, the Daily Mail has reported.
The financial details are allegedly being bought by fraudsters and cold-calling firms. See MoneySavingExpert.com's Pension need-to-knows guide and Pension Liberation guide for tips on avoiding pension scams.
The paper reports that its undercover reporters were sold pension pot details for 15,000 people without any checks being made on who they were and what they wanted the data for.
Following the story, the Information Commissioner's Office (ICO), the privacy watchdog, has launched an investigation into the claims and adds it will be speaking with the Pensions Regulator, the Financial Conduct Authority (FCA) and the police.
The probe comes ahead of next week's pension reforms, which will give people the chance to access their full retirement pots.
'The next PPI scandal'
Experts at the ICO have previously warned that the pension reforms on 6 April could result in a flood of scams on the scale of "the next PPI scandal".
Steve Eckersley, head of enforcement at the ICO, says the revelations are "very worrying indeed". He adds: "It suggests a frequent disregard of laws that are in place specifically to protect consumers. We will be launching an investigation immediately.
"We're aware of allegations raised against several companies involved in the cold-calling sector, and will be making inquiries to establish whether there have been any breaches of the Data Protection Act or Privacy and Electronic Communications Regulations.
"The ICO has powers to issue companies with fines of up to £500,000 for the most serious breaches of the Data Protection Act, while we can also pursue criminal prosecutions around unlawfully obtaining or accessing personal data."
The ICO says it appears that some firms were getting their hands on pension details because some people do not read the terms and conditions of contracts they sign, leaving them open to having their personal data accessed.
In other cases, it appears that some companies were getting and selling on the information unlawfully, while some firms appear to have kept personal information, which should have been deleted.