The OP is looking for a self-destruct mechanism that triggers on the third failed login attempt. Such a policy is very dangerous and drastic. I assume that the OP requires a self-destruct that can resist forensic examination to prevent data recovery by an adversary. The question is: Who?
The OP did not describe the use case that justifies such action, but an example might be a news reporter in an authoritarian country, a war-crimes investigator protecting sources, or a non-governmental organization providing aid to refugees, etc. Keep in mind that well-funded adversaries (like governments) know about self-destruct triggers and they know how to conduct searches in ways that do not invoke the data wiping mechanism.
There are many objectionable motives for the policy you describe, like those who want to leave logic bombs in someone else's systems for blackmail, ransomware, or revenge. The target could be a system owned by the current employer, for example. There are other objectionable groups that may want data destruction triggers on their systems, such as terrorists or agents of a foreign adversary.
-> The OP (and others who followed) have not told us whether this capability would be installed with the full knowledge of those who own the system and the data, or whether it would be installed surreptitiously.
DRIVES WITH SELF-DESTRUCT TRIGGERS
Encrypted drives with self-destruct triggers are readily available (and relatively low cost) in the commercial world. I have encrypted flash drives that automatically self-destruct after too many consecutive failed unlock attempts. They "burn" (overwrite) the strong encryption key that secures the data. Most self-destruction trigger that I have seen are set to ten failed attempts; a few are configurable. In the past, you could buy drives with special physical "keys" that you must plug in to unlock them. I am not sure whether they are still available. There are ways you can create them for yourself. See below.
Commercially available encrypted drives (e.g., encrypted flash drives) are a simple, easy, and relatively low cost solution for many use cases. Most of them have a self-destruct mechanism, but they are usually set to ten failed attempts, not three.
OTHER SOLUTIONS: ENCRYPTION
Another possible solution is whole disk encryption on laptops and external drives. It is easily enabled on most operating systems, including Linux, Windows, and Mac. Depending on the data and how it is used, you can also create encrypted files that mount as virtual drives.
(By the way, the first thing I do with a new laptop is enable full disk encryption ... before I put any of my personal data on it. I use a dummy password until it is encrypted, too. Once encrypted, I change the password, configure it, and put my personal data on it.)
Encrypted drives will not "self-destruct" automatically, but without the unlock passphrase, they may be sufficient.
Another approach to self-destructing encryption would be to create encrypted drives or files that are unlocked using a physical token in your possession. Some tokens will "reset" after a certain number of failed pin attempts. Your ability to physically destroy the token may be a consideration. I have not tried creating my own token-based encrypted drives ... yet. (But I have a new Yubikey that I have been eager to try.)
I would start with the threat model. Figure out the threats you are protecting against first, then go from there. Once you understand the problem (the requirements), then you can work out which solutions will secure your data sufficiently. A policy of "three failed logins then destroy everything" seems rather drastic for most threat models. Does your threat model really justify such a policy?
P.S. (added later): LEGAL CONSIDERATIONS:
There are also legal considerations when encrypting drives or installing self-destruct mechanisms. They vary by country and jurisdiction. In some places you can be sent to prison for failing to decrypt a drive. In others, you may be subject to liability for data destruction, or criminal charges for knowing destruction of evidence. In some places you can be compelled to provide a token, a fingerprint, or camera view of your face to unlock encryption, but you cannot be compelled to provide a password or passphrase. Much of the law that revolves around unlocking encrypted devices remains untested or in dispute. Be aware of the legal ramifications of any solution you evaluate.
A VERY IMPORTANT NOTE:
If anyone here is among the rare group who can morally justify a self-destruct policy like that, then you should not be popping up on a public forum to ask the question. You need professional, expert help on much more than basic data security.