Sky tonight suspended all co-operation with an anti-piracy law firm after thousands of its customers' personal details appeared on a list of people accused of illegally sharing adult films online.
The list of more than 4,000 names, produced by ACS:Law, was posted on the internet following an attack on the firm's website.
The law firm could be fined up to £500,000 if the Information Commissioner finds it failed to take appropriate steps to keep the information secure.
A Sky spokesman said: "We have suspended all co-operation with ACS:Law with immediate effect.
"This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information."
Sky said it was "very concerned" at the apparent loss of data and "by the actions of those who have sought to publicise the identities of individual customers".
"Like other broadband providers, Sky can be required to disclose information about customers whose accounts are alleged to have been used for illegal downloading," the spokesman said.
"We support the principle that copyright material should be protected and we co-operate with court orders requiring disclosure."
But it said that the security of customer information was also "a high priority" and the data was only ever disclosed in encrypted form.
"In addition, we have an agreement with ACS:Law that requires data to be stored and used safely and securely," the spokesman said.
But Andrew Crossley, who runs the law firm, told BBC News: "We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade."
A spokesman for the Information Commissioner's Office (ICO) said all breaches of the Data Protection Act were taken "very seriously".
"Any organisation processing personal data must ensure that it is kept safe and secure. This is an important principle of the Act.
"The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken."
Earlier, Information Commissioner Christopher Graham told BBC Breakfast: "The question we will be asking is how secure was this information and how it was so easily accessed from outside.
"We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.
"The Information Commissioner has significant power to take action and I can levy fines of up to half a million pounds on companies that flout the (Data Protection Act)."
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies