TalkTalk website hit by 'significant cyber attack'

Updated: 

Police are investigating a "significant and sustained cyber attack" on the TalkTalk website, the telecoms company has revealed.

The phone and broadband provider, which has more than four million customers in the UK, said credit card and bank details along with personal information may have been accessed during the attack.

A TalkTalk spokesman said: "We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed."

The Metropolitan Police confirmed its Cyber Crime Unit was investigating an allegation of data theft which was reported on Wednesday.

"There have been no arrests and enquiries are ongoing," a force spokeswoman said.

The Talk Talk website was unavailable to customers tonight and displayed the message: "Sorry we are currently facing technical issues, our engineers are working hard to fix it. We apologise for any inconvenience this may cause."

A TalkTalk spokesman said: "A criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website yesterday.

"That investigation is ongoing, but unfortunately there is a chance that some of the following data has been compromised: names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details.

"We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed."

The company's chief executive, Dido Harding, said: "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations.

"We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack."

This is the third in a spate of cyber attacks affecting TalkTalk customers.

In August the company revealed its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.

And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.

The theft of data was discovered when TalkTalk investigated a surge in complaints from customers about scam calls between October and December 2014.

In a letter to customers, TalkTalk managing director Tristia Harrison said the company took "any threat to the security of our customers' data very seriously".

"Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent," she said.

TalkTalk said it had contacted major banks which will monitor any suspicious activity from customers' accounts and had informed the data protection watchdog, the Information Commissioner's Office. It is also organising free credit monitoring for a year for all of its customers.

The company said any customers who notice unusual activity on their accounts should contact their bank and Action Fraud, the UK's national fraud and internet crime reporting centre.

They have also been urged to change their TalkTalk account passwords and any other accounts which use the same passwords.