A data breach at the Independent Parliamentary Standards Authority (IPSA) led to MP's information being placed at risk, including banking details and home telephone numbers.
The breach occurred on 13 July following IT maintenance on an MP expenses database, allowing people with an expenses account and their clerks to access the information.
The security loophole was left open for 21 hours and the Information Commissioner's Office (ICO) has ordered the IPSA to take steps to ensure such a breach does not occur again.
"This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched," said Mick Gorrill, head of enforcement at the ICO.
"MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security."
The IPSA, which said it reported the breach to the ICO as soon as it happened, has now signed an undertaking, which includes a requirement to ensure system administrator accounts are reviewed regularly.
The news came less than a week after an MP, Robert Halfon, had criticised the ICO for not doing enough in the investigation into the Google Street View scandal.
In particular, Halfon took umbrage with a decision to send "non-technical" people to Google headquarters during the initial investigation in July.
The ICO is yet to levy a company with a fine, but has said it will do so this month.
