The chief executive of TalkTalk, Dido Harding, has admitted that the ISP has undergone a "significant and sustained cyber-attack" that may have resulted in millions of customer details being accessed by hackers.
She said that all of the company’s customers would be given a free credit monitoring to check if their identity had been cloned and said everyone with a TalkTalk account should assume their information is at risk.
Harding, who admitted she was unsure whether the data had been encrypted, said: "I am, in a sense, saying that there is a risk that all of our customers' personal data has been accessed and therefore we are taking that very seriously and looking to make sure that we can help our customers protect themselves if that data has been stolen."
The breach took place on Wednesday morning although it was not revealed publicly until last night. The company does not yet know how many of its four million customers are affected.
The attack on TalkTalk’s services is the third this year. In August, the company said its mobile sales site was hit by a "sophisticated and co-ordinated cyber-attack" in which personal data was breached by criminals.
In February, TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.
Harding said the three separate attacks were unrelated, adding: "We moved as fast as we possibly can, on Wednesday lunchtime all we knew was that our website was running slowly and that we had the indications of a hacker trying to attack us.”
Adrian Culley, a former detective in the Met's cybercrime unit, believes an Islamic hacking group is behind the attack.
He said: "They are claiming to be from Soviet Russia and be an Islamic cyber jihadi group. They have posted on to Pastebin information that appears to be TalkTalk customer private information."
A Scotland Yard spokesman said: "The Metropolitan Police Cyber Crime Unit is investigating an allegation of data theft from a telecommunications website. There have been no arrests and inquiries are ongoing. We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing."
Richard Parris, CEO at identity software company Intercede, believes that news of the attack should be a ‘wake up call’ for all companies serving consumers and storing their personal data.
“In an independent survey of 2,000 16-35 year old consumers it was revealed that very few place any significant trust in companies’ ability to protect their personal data,” he said.
“It really is time that these major businesses gave the issue the attention it deserves – they need to stop relying on simple password-based authentication and to start applying enterprise grade solutions.
“Protecting customers’ private data should be a top priority for any organisation. Failure to demonstrate that adequate safeguards are in place will inevitably result in customers, and revenues, disappearing.”
Earlier this month, a hacker managed to steal the personal details of 15 million T-Mobile customers in the US.