Almost 21,000 bank account numbers and 28,000 obscured credit card number were also accessed
TalkTalk hackers accessed almost 1.2 million customer email addresses, names and phone numbers, the telecoms company has admitted.
Hackers also accessed almost 21,000 unique bank account numbers and sort codes, almost 28,000 obscured credit and debit card details and almost 15,000 customer dates of birth, the company said in an update issued last Friday.
The obscured credit and debit card numbers had the middle six digits removed.
TalkTalk reiterated that the credit and debit card details cannot be used for financial transactions and said it had shared the affected bank account details with major UK banks to allow them to protect customers’ accounts.
The company added that the Metropolitan Police Cyber Crime Unit’s criminal investigation is continuing.
TalkTalk chief executive Dido Harding said: “Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still ongoing.
“On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that.”
Detective superintendent Jayne Snelgrove of the Metropolitan Police Cyber Crime Unit added: “TalkTalk have done everything right in bringing this matter to our attention as soon as possible.
“Our success relies on businesses being open with us and each other about the threats they encounter.”