Gas and electricity supplier Powergen was today "urgently" contacting more than 2,500 customers after their banking details were revealed on the company's website in a major security breach.

The incident arose when a customer encountered the names, addresses and banking card numbers of other consumers when he tried to pay his bill online earlier this month.

John Chamberlain, a freelance IT consultant from Leicester, said he had discovered three files containing the bank details of more than 7,000 home and business customers.

Mr Chamberlain told BBC Radio 5 Live: "I couldn't believe what I saw. It was basically names, addresses, credit card details, account numbers and so on.

"I thought, 'I wonder if I'm in here', so I clicked the search button and typed in my name and off it went and found my name, address, credit card number, expiry date..."

Powergen said that the information had not been obtained "fairly" and that it had called in the Metropolitan Police to investigate the breach.

Spokeswoman Isobel Hoseason said: "We take the security of customers' personal information very seriously. Until Tuesday, the allegations by the individual behind the breach of security were unsubstantiated.

"It wasn't until late yesterday that we had any evidence that there had been a breach in security.

"We are aware of the customers who may be affected and will be contacting them today. We hope customers will bear with us.

"We have passed all the information to the police who are now investigating. We were confident that our website was robust. We had our website tested by professionals and the security on that website is robust."