A water company has confirmed that some customers' data may have been stolen in a cyber attack.

Southern Water started forensic investigations, led by independent cyber security specialists, after suspicious activity was found on their IT systems last month.

Cyber criminals claimed that data had been stolen, however there was no evidence at the time that this involved personal data.

Southern Water has now confirmed that the "illegal intrusion" of their IT systems may affect a percentage of their customers, as well as current and ex-employees.

READ MORE: Bags of nappies and cat litter left by dog waste bins across town

Independent cybersecurity experts have been tasked to scrutinise activity on the "dark web" and have said that since the company was named on a cyber criminals’ site on January 22, they have found no new evidence of the data potentially involved in this cyber incident being published online.

Southern Water said they have begun making contact with anyone who might have had their data exposed.

A spokesman for Southern Water said: "Based on our forensic investigations so far, which are ongoing, we are planning to notify in the order of five to 10 percent of our customer base to let them know that their personal data has been impacted.

"We are also notifying all of our current employees and some former employees.

"These notifications will offer security advice, as well as guidance on recommended precautionary steps and details of the support we are offering them.

"Throughout this process we have been working with Government, our regulators and the National Cyber Security Centre.

"We have also notified the police and the Information Commissioner's Office."

Southern Water has said that their day-to-day operations and customer services are unaffected by this event.

The company, which supplies water to thousands of homes across Sussex, told customers they are "very sorry" this has happened.

A spokesman for the company said: "We take data protection and information security very seriously and, in accordance with our regulatory obligations, we are making contact with anyone whose personal data may be at risk."