The company said that customers should continue to reject any phone calls, text messages and emails. More than 15,600 bank account numbers and sort codes have been accessed.
TalkTalk have lost about a third of their share value since the news of the cyber-attack.
According to the firm 4% of their customers data are at risk. TalkTalk said: “Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected. It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss. We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today.”
TalkTalk issued an updated statement stating:
- In The total number of customers whose personal details were accessed is 156,959;
- Of these customers, 15,656 bank account numbers and sort codes were accessed;
- The 28,000 obscured credit and debit card numbers that were accessed cannot be used for financial transactions, and were ‘orphaned’, meaning that customers cannot be identified by the stolen data.
The company said that they have contacted the customers whose financial details were stolen, and will contact other affected customers “within the coming days”.
The cyber attack on TalkTalk's website happened on 21 October. Initially the firm described attack as "significant and sustained", and stolen data includes names, addresses, dates of birth, telephone numbers and email addresses.
A 16-year-old has been released this week, who was fourth accused in this case.
Till today four people have been arrested, includes three teenagers: a boy of 15 in Northern Ireland, a 16-year-old boy from west London, a 20-year-old Staffordshire, and a 16-year-old boy in Norwich. All four have been released on bail.