Electric Ireland has said an employee of a company working on its behalf may have inappropriately accessed customer accounts leading to the potential misuse of personal and financial information.
Electric Ireland said its investigations have established that around 8,000 customer accounts may have been compromised.
The company said it has written to all potentially affected customers to make them aware of the issue and provide advice and instructions on what actions to take to mitigate against the risk of potential financial fraud.
In a letter sent to the impacted account holders, seen by RTÉ News, the company said it strongly recommended that customers take a number of actions to protect against being defrauded.
It has advised customers impacted by the data breach to cancel credit or debit cards that are used to make bill payments to the utility.
Along with cancelling credit or debit cards used to make payments to Electric Ireland, it also urged the customers involved to review their "relevant bank account and credit card statements since October 2021, to identify if there is any suspicious activity which may indicate that your account has been compromised and subject to fraud".
Electric Ireland has also advised the customers to "take appropriate steps to safeguard your financial accounts."
It said that may include changing passwords and being vigilant to any unusual activity or unsolicited calls.
"Customers who have not received a letter from Electric Ireland do not need to take any action," the company said in a statement.
"This issue is currently under investigation and Electric Ireland is liaising with An Garda Síochána and the Data Protection Commissioner, and as such the details of this case must remain confidential.
"Customers affected by this issue, who may have experienced any fraudulent activity on their financial accounts in relation to data they gave to Electric Ireland, have been asked to contact the company directly.
"Electric Ireland will inform An Garda Síochána who are managing this investigation. Customers are also advised to contact their bank."
The company said it fully appreciates the gravity of the issue and the concern and inconvenience it will create for those affected customers.
In statement, a spokesperson for the Data Protection Commission confirmed that it has received a breach notification from Electric Ireland.
The DPC said it is "engaging with them on the matter."
Gardaí confirmed they are investigating "a potential data breach at a national utility service provider".
In a statement, they said the potential breach was identified by gardaí attached to the Garda National Cyber Crime Bureau, who referred the matter to the Garda National Economic Crime Bureau for investigation.
An Garda Síochána said it immediately contacted and continues to liaise with the company.
Additional reporting: Fergal O'Brien
