TalkTalk cyber attack: Hackers 'can't raid bank accounts'
Data stolen in the cyber attack on TalkTalk does not allow criminals to plunder customers' bank accounts, the company has claimed.
TalkTalk said complete credit card details are not stored in its system and that account passwords were not accessed.
"We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account," a spokesman added.
TalkTalk chief executive Dido Harding insisted customer bank details have not been compromised.
"The financial information they have on its own is not enough for them to access your bank account," she told Sky News.
Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information.
"TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer.
"Those are criminals doing that and we all need to make sure that we don't let them win," she added.
All TalkTalk customers are being offered free credit monitoring as they could be at risk from fraudsters using stolen details to impersonate them.
Baroness Harding said she was sorry it was "extremely concerning and scary" but insisted TalkTalk notified customers as quickly as possible.
"Thirty-six hours after the attack began was when we started to communicate with customers," she told Sky.
"All I knew then was that criminals were trying to attack my website.
"I know that to people listening 36 hours feels like a long time but we had teams working around the clock to get the sense of the scale of the attack and we communicated it before we knew that.
"Today we know a lot more about the attack."
In a statement the company announced the attack was on the website rather than the "core systems".
Consumer group Which? insists TalkTalk customers affected by the breach should not have to pay a penalty fee to break their contract.
Richard Lloyd, executive director, said: "We expect that any affected TalkTalk customers who want to leave their contract should be able to do so without penalty.
"Nobody should lose out as a result of this breach, so TalkTalk should also look at what more it needs to do for its customers, including appropriate compensation for those affected. It's important people are treated fairly."
Police are investigating a ransom demand sent to the telecoms giant following Wednesday's attack.
TalkTalk was contacted by someone claiming to be responsible and seeking payment, but was not sure if the message was genuine.
The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the last eight months.
In August the company said its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.
Customers were warned in February about scammers who managed to steal thousands of account numbers and names from the company's computers.
The company has reportedly been warned before by experts about its security.
A spokesman for the firm said: "Since the previous attacks, we are working with world leading cyber security experts and investing a lot in making sure our system is as secure as possible.
"Unfortunately no system is ever totally invincible - there was clearly more that should have been done in this case, and I am very sorry for the worry and frustration this attack has caused our customers."
Scotland Yard is investigating alongside the National Crime Agency (NCA) but no arrests have been made.
One theory for the motive behind the attack had been Islamic extremism, with one self-proclaimed Jihadi group putting what it said was personal details of TalkTalk customers on a website.
However, the accuracy of the information has not been verified and there was also speculation that blackmailers could be behind the attack.
The company said it is working with credit reporting service Noddle to offer 12 months of credit monitoring alerts for free.
A TalkTalk spokesman later added: " Following the recent criminal Cyber Attack on the TalkTalk website, where possible we have paused brand marketing for the time being to focus on supporting and reassuring our customers. That includes our X Factor idents and TV advertising."