Millions of people could have had their credit card and bank details stolen after a ''significant and sustained cyber attack'' on TalkTalk's website.
Scotland Yard's cyber crime unit is investigating after the telecoms giant said customers' names, dates of birth, addresses and phone numbers may also have been accessed.
TalkTalk said it was ''too early to say'' how many of its four million UK customers had been affected by the attack, as the company urged users to change their passwords and check their bank accounts.
The Metropolitan Police confirmed it was investigating an allegation of data theft but no arrests had been made.
A TalkTalk spokesman said: ''A criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website yesterday (Wednesday).
''That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details.
''We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.''
The company's chief executive Dido Harding said the ''rapidly evolving threat of cyber crime'' was affecting an ''increasing number of individuals and organisations''.
She added: ''We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack.''
A TalkTalk spokeswoman said the company shut down its website after it became aware of the attack on Wednesday morning.
The latest breach is the third in a spate of cyber attacks affecting TalkTalk customers.
In August the company revealed its mobile sales site was hit by a ''sophisticated and co-ordinated cyber attack'' in which personal data was breached by criminals.
And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.
One security expert said the latest breach could have ''serious'' consequences for TalkTalk's customers and ''destroy'' trust in phone and broadband provider.
Jason du Preez, chief executive of data privacy company Privitar, said: ''These hacks are not just embarrassing to the organisations involved. They can have really serious financial and personal consequences for your users, destroying consumer trust and loyalty.''
In a letter to customers, TalkTalk managing director Tristia Harrison said the company took ''any threat to the security of our customers' data very seriously''.
''Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent,'' she said.
TalkTalk said it had contacted major banks which will monitor any suspicious activity from customers' accounts and had informed the data protection watchdog, the Information Commissioner's Office. It is also organising free credit monitoring for a year for all of its customers.
The company said any customers who notice unusual activity on their accounts should contact their bank and Action Fraud, the UK's national fraud and internet crime reporting centre.
They have also been urged to change their TalkTalk account passwords and any other accounts which use the same passwords. The firm also admitted some of the data was not encrypted.
In an FAQ on its website, it said: ''Not all of the data was encrypted. We constantly review and update our systems to make sure they are as secure as possible. We're working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future.''
Customers criticised the firm on Twitter over the announcement.
Katie Jonas, who has been a TalkTalk customer for three years, said she was ''fuming'' after being on hold to TalkTalk customer services for more than an hour.
The mother of two from Coventry said: ''I'm very concerned that my bank details may have been taken but didn't want to have to change all bank details. It's a lot of hassle doing so but now it looks like I will have to after the disgusting customer service.
''I was angry enough being on hold that long but to then be cut off is terrible.''
She added her family each had mobile phone contracts with the company and usually got a ''great service'' but added the timing of the announcement was ''not really acceptable''.
She said: ''The late announcement is not really acceptable either but even worse is the communications. By the time people are informed who knows how much could have been stolen.''
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel