The incident was reported to the Information Commissioner's Office, which found that a lack of audit trails and other procedures meant the breach would have gone unnoticed if the recipients had not reported it.
An internal investigation found that the same error had occurred on two previous occasions in the previous month, with details sent to other inmates' families. Police and a member of prison staff were sent to the recipients' home addresses and checks were made to ensure the files had been deleted.
The data breach came to light after one of the recipients contacted the prison in 2011 saying they had received an email from the prison clerk about an upcoming visit, along with a file containing 1,182 prisoners' names, ethnicities, addresses, sentence length and release dates.
The Ministry of Justice is to be fined £140,000 after the personal details of all the prisoners at Cardiff jail were mistakenly e-mailed to three inmates' families.
The Ministry says it treats the security of information very seriously and that it took immediate steps to recover the data as soon as the loss was reported.