The email address and passwords of 2,200 British Gas customers have leaked online, although the company claims that the data came from an external source.
The firm said its systems are secure and sent an email to more than 2,000 customers reassuring them the information had not come from the company. It said the leak was caused by "someone external" and added that no payment data had been compromised.
"I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely,” it read.
The company added that details will be sent to the Information Commissioner's Office following the leak.
The customer data was uploaded to Pastebin, a temporary text uploading website, and discovered by British Gas during routine online checks. The firm removed the data on Wednesday evening.
A British Gas spokeswoman said the leaks affected only a "small proportion" of its 14 million customers and that the data may have been acquired through a targeted phishing attack.
News of the leak emerged just days after internet service provider TalkTalk admitted that an unknown number of customer details had been stolen from its systems.
On Monday, a 15-year-old boy was arrested over the TalkTalk cyber-hack on suspicion of offences under the Computer Misuse Act.