The home and email addresses of the 38,000 entrants to the London Marathon were accidentally published on the organisers' website, the BBC has discovered.
A number of high-profile celebrities and politicians were among those who had their personal details made public in the data protection breach.
The details were accessible all day to anybody logging on to the site.
Marathon organisers apologised and said the mistake had been rectified.
BBC Sports News Correspondent James Pearce said organisers had been unaware of the security breach until they were alerted by the BBC on Monday evening.
The problem first came to light when a television presenter was contacted by a member of the public who had found her home address.
The details were available on the section in which commemorative medals, with individual race times inscribed, could be ordered.
Nick Bitel, the chief executive of the London Marathon, said: "We apologise for this error, and are grateful to the BBC for bringing it to our attention.
"We immediately made sure that the glitch was corrected.
"We do not believe that this has led to a substantial number of individuals' details being accessed by members of the public."
Gordon Ramsay, Nell McAndrew and Shadow Chancellor Ed Balls were among those who took part.
Data Protection Act
A spokesman for the Information Commissioner told the BBC they would "certainly" be launching an investigation.
He said: "This is something the Information Commissioner will need to look in to to see how it has come about.
"It's the reasons these things come about that determine the course of the investigation.
"Every case is different and we will certainly be making enquiries."
The Data Protection Act states that appropriate measures must be taken against accidental loss of personal data.
Under the act any breaches could be considered either a civil or criminal offence depending on the circumstances, the Information Commissioner's spokesman said.