Hundreds of British Gas customers have been warned after customer e-mail addresses and account passwords appeared online.
Around 2,200 warning letters have been sent to customers informing them of the incident - but the firm has insisted its systems are secure and no payment details were revealed.
The company says it is "confident" the data leak had not come from within the company and said it "someone external" who had possibly targeted customers with phishing attacks.
The e-mail from British Gas to customers stated: "I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
"As you'd expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas ."
The logins, which have now been removed, were posted to text-sharing site Pastebin.
It has been suggested customers may have been targeted through an online scam or phishing e-mails, asking them to reveal their data.
Those affected are being asked to reset their passwords through the company website.
Details will be sent to the Information Commissioner's Office following the leak, British Gas added.
A British Gas spokesperson said the leaks affected only a "small proportion" of its 14 million customers and was "very different" to recent cyber attacks suffered by other companies when customer details were visible online.
Marks & Spencer were forced to shut down their website temporarily after users reported logging in and seeing other people's details.
And last week, phone and broadband provider TalkTalk was hacked and bank account details and sort codes of an unknown number of customers may have been accessed.