The Information Commissioner's Office has warned companies about the data protection threat if they continue to use Windows XP.

Tomorrow sees the end of official support for Microsoft's Windows XP and Microsoft Office 2003 products.

The ICO said: "This is important news for businesses using these products, as it means their systems and the personal data stored within it could potentially be vulnerable.

"The problem will get worse over time as more vulnerabilities are gradually discovered, creating more opportunities for an attacker to exploit and potentially gain unauthorised access to systems."

If firms do not fully secure their data they are subject to fines of up to £500,000 under the Data Protection Act.

Simon Rice, ICO technology group manager, said: "As a responsible data controller, it is your organisation's responsibility to make sure you have the measures in place to keep people's details safe.

"Anyone using either of these two products must consider their options and ensure that personal data is not unduly placed at risk. Failure to do so will leave your organisation's network increasingly vulnerable over time and increases the risk of a serious data breach that your actions could have prevented."

Business consulting firm KPMG has also spelt out the risks for firms continuing to run Windows XP systems beyond this week's support deadline.

KPMG said estimates suggest that 20% of personal computers still run XP. While this figure has dropped from 25% last year, it will "remain stubbornly high for some time", said KPMG.

The "picture is even more complex" with XP still running on computers embedded in systems that are difficult to upgrade, like ATM machines, kiosks, airline ticketing or military systems, KPMG said.

Stephen Bonner, a partner in KPMG's information protection and business resilience team, said: "XP will be with us for some time, and in some quite unexpected places. Little wonder banks and governments are paying millions of pounds to extend support beyond April 8."

And highlighting the potential vulnerabilities of legacy XP systems, Bonner said: "Computers running XP provide a useful population of vulnerable systems to recruit into botnets for spam and potential attacks.

"There has been speculation about cyber criminals holding back a large store of XP vulnerabilities ready to exploit obsolescent systems. I doubt that will happen - the incentive to exploit early and make money is just too great."