British Gas customers should change their passwords now as the energy giant has revealed it suffered a "data leak" last night affecting just over 2,000 customers.
The big six supplier says the email addresses and passwords of 2,200 of its customers were exposed online last night, but it adds that payment details, such as bank account or credit card details were not at risk.
An email to the 2,200 affected customers reads: "I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely."
The email addresses and passwords, which British Gas says were removed on Wednesday evening, were displayed on Pastebin, a temporary text uploading website, and were discovered during routine online checks. British Gas won't however confirm exactly which customers are affected or if the leak extends to its 'white label' brand, Sainsbury's Energy.
It's best practice to change passwords every now and then, so use this as an opportunity to do so on your British Gas account and on any other accounts where you use the same or similar passwords – see Martin's Easy Password Tricks blog for passwords help.
British Gas says it's confident the data leak had not come from within the company and was instead caused by "someone external".
However a spokeswoman says the incident is "very different" to the data issues suffered by other providers other the past few weeks, which has seen M&S temporarily suspend its retail website after the details of 800 customers were exposed, and TalkTalk admit that the personal data of all its four million customers may have been accessed following a hack.
Earlier this month MoneySavingExpert.com also revealed how a Halifax and Bank of Scotland online security flaw meant balances and transactions were left exposed for others to view.
Details of this latest data breach will be sent to the Information Commissioner's Office.
I'm a British Gas customer, do I need to do anything?
British Gas says financial details haven't been compromised, however passwords have been accessed, so as well as changing them, to be absolutely safe just in case the worst happens, consider taking the following steps to protect yourself too:
- Check your bank or credit card account for fraud. Monitor the account registered with British Gas over the next few months. If you see anything unusual, contact your bank or credit card provider immediately, and Action Fraud on 0300 123 2040 or via www.actionfraud.police.uk as soon as possible.
- Check your credit file in case anyone's stolen your ID. The credit reference agencies can tell you if anyone's tried to open accounts in your name. Check for free – see our Credit Report guide.
- Don't disclose your data – cold calls/emails are a scam. If you're contacted by anyone asking you for personal data or passwords (such as for your bank account), it's more than likely to be a scam. British Gas says it will never phone, email or write to customers asking for bank account information or passwords. See our 30 Ways to Stop Scams guide for more help on protecting yourself.
Additional reporting by the Press Association.