More than 300 companies and individuals could be involved in so-called “blue chip” hacking where private information is obtained unlawfully through a range of shady methods.
A list of 102 names has already been passed to MPs but it has now emerged that police have a second, secret list of at least another 200 who “feature directly” in ongoing criminal investigations.
A parliamentary select committee is now considering whether to reopen its inquiry in to private investigators following the latest revelations, which some MPs have already warned could dwarf the newspaper hacking scandal.
It comes as Theresa May, the Home Secretary, will this week announce a crackdown on private eyes by introducing a regulatory licensing system for the first time.
Investigators already guilty of hacking will be barred from obtaining a licence and those who operate without one could face up to six months in prison.
Keith Vaz, chairman of the Home Affairs Select Committee, said: “It is clear this is much, much bigger than one even thought or anticipated.”
Last month, a leaked report into the scale and extent of hacking, compiled by the Serious Organised Crime Agency (Soca), suggested much of the information obtained illegally by private detectives was done so on behalf of some of the country’s most reputable businesses.
The agency compiled a list of 102 potential clients associated with private detectives who directly or indirectly obtained private data unlawfully.
Tactics included phone and computer hacking, blagging (pretending to be someone else to glean information from an official source) and phone interceptions.
That list has now been passed to Mr Vaz’s committee but currently on strict confidentiality grounds.
Mr Vaz has demanded to know on what grounds it should be kept secret as it is understood all the names on that list relate to investigations that are now completed.
However, in a letter to Mr Vaz from Trevor Pearce, director general of Soca, it has emerged that a second list is with the Metropolitan Police because it contained “client information that continues to feature directly in current actions”.
No one on either list has so been directly accused of criminality or knowledge that an investigator they employed was acting illegally.
But it raises the prospect that the scale of the activities is far greater than previously thought.
One hacker has previously said 80 per cent of his client list comprised of blue-chip companies and high profile individuals, with the rest connected to the media.
Mr Vaz is concerned that the existence of a second list was never raised during oral evidence sessions with representatives from both Soca and Scotland Yard.
He said: “We will have to, as a committee, look at whether to reopen the inquiry in September and recall some of the witnesses.”
He said members may even meet over the summer recess to decide whether the original list should be published.
One convicted private eye yesterday accused police and Soca of effectively protecting companies who hired investigators.
Graham Freeman was one of four private detectives jailed last year after admitting conspiring to defraud people by blagging personal information in a Soca operation code-named Millipede.
Many of the names on the original Soca list are understood to have arisen from that investigation.
Mr Freeman spent just eight weeks behind bars and said yesterday that the list was a “Pandora’s box” which once opened would lead to the jailing of dozens of bankers, lawyers and boardroom executives.
He said: “Soca doesn’t want to give up the Millipede names because if they did they would be forced to investigate them and charge them for conspiracy to defraud as they did us.
“On that list are the names of law firms, banks and insurance companies who all used private detectives for all sorts of reasons.”
The Home Secretary will this week announce that private investigators will be regulated for the first time.
The change will require private detectives to have a licence to operate and those who work without one could face up to six months in prison and or a fine of up to £5,000.
Anyone already found guilty of hacking or “blagging” will be barred for obtaining a licence.
However there will be special exemptions on obtaining private data for those operating for legitimate journalistic purposes.
The change will mean private eyes will fall under the Security Industry Authority and all those wanting a licence will need to pass a training course and demonstrate they understand the relevant laws on privacy, bribery and data protection.
They will also have to undergo an identity and criminality check.
A Home Office source said it was hoped to have the new regime in place by next year.