Data stolen in the cyber attack on TalkTalk does not allow criminals to plunder customers’ bank accounts, the company has claimed.
TalkTalk said complete credit card details are not stored in its system and that account passwords were not accessed.
“We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account,” a spokesman added.
TalkTalk chief executive Dido Harding insisted customer bank details have not been compromised.
“The financial information they have on its own is not enough for them to access your bank account,” she told Sky News.
Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information.
“TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer.
“Those are criminals doing that and we all need to make sure that we don’t let them win,” she added.
All TalkTalk customers are being offered free credit monitoring as they could be at risk from fraudsters using stolen details to impersonate them.
Baroness Harding said she was sorry it was “extremely concerning and scary” but insisted TalkTalk notified customers as quickly as possible.
“Thirty-six hours after the attack began was when we started to communicate with customers,” she told Sky.
“All I knew then was that criminals were trying to attack my website.
“I know that to people listening 36 hours feels like a long time but we had teams working around the clock to get the sense of the scale of the attack and we communicated it before we knew that.
“Today we know a lot more about the attack.”
In a statement the company announced the attack was on the website rather than the “core systems”.
Consumer group Which? insists TalkTalk customers affected by the breach should not have to pay a penalty fee to break their contract.
Richard Lloyd, executive director, said: “We expect that any affected TalkTalk customers who want to leave their contract should be able to do so without penalty.
“Nobody should lose out as a result of this breach, so TalkTalk should also look at what more it needs to do for its customers, including appropriate compensation for those affected. It’s important people are treated fairly.”
Meanwhile, Police are investigating a ransom demand sent to the telecoms giant following Wednesday’s attack.
TalkTalk was contacted by someone claiming to be responsible and seeking payment, but was not sure if the message was genuine.