TalkTalk has announced that the details of 156,959 customers and 15,656 bank account numbers were accessed in last month’s cyber attack.
But the telecoms firm emphasised the “information accessed cannot on its own lead to financial loss”.
The 28,000 obscured credit and debit card numbers that were taken cannot be used for financial transactions, and were “orphaned”, meaning customers cannot be identified by the stolen data.
Although the decision was taken to tell all four million TalkTalk customers of the security breach, the company says that only 4% of its customers have any sensitive personal data at risk.
Those who have had financial information accessed have all been contacted, and the firm is in the process of getting in touch with all of its other customers who have been affected.
People are still being warned to remain aware of phone and email scams.
Four people arrested separately on suspicion of offences under the Computer Misuse Act, in connection with the cyber attack, have been released on bail.
They are a 16-year-old boy arrested in Norwich, a 20-year-old arrested in Staffordshire, a 16-year-old, from Feltham in west London, and a 15-year-old boy from Co Antrim in Northern Ireland.
Shares in TalkTalk were up nearly 6% in early trading this morning, but they are still down by more than a quarter since details of the hack were first revealed.
The attack on TalkTalk was the third time in less than a year that the firm had been hit by a data breach, and comes in the wake of several other high profile cyber attacks, including those on adultery website Ashley Madison and Sony Pictures.
The causes of this cyber attack are still being investigated, with initial reports suggesting a distributed denial of service (DDoS) attack was used to distract TalkTalk webmasters by flooding the site with traffic, while the hackers gained access elsewhere.