The personal data of four million customers may have been stolen in a “significant and sustained cyberattack” targeting one of Britain’s leading phone providers.
U.K. telecom TalkTalk has admitted that its website was hacked earlier this week, and that information including the date of birth, address, credit card and bank details of its four million customers is at risk.
TalkTalk said it had received a ransom demand from “someone claiming to be responsible” for the hack.
Police have launched a criminal investigation, but no arrests have been made. The scale of the breach is still being investigated, police said.
“We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here,” TalkTalk CEO Dido Harding said in a statement.
TalkTalk said it noticed unusual activity on its website on Wednesday, and took the site offline in an effort to protect data. It admitted not all data were encrypted, but said its systems were “as secure as they could be.”
“Unfortunately these criminals are very smart and their attacks are becoming ever more sophisticated,” the company said in a statement.
TalkTalk’s shares in London were down as much as 10% after the attack came to light Friday morning.