The sensitive personal data of millions of TalkTalk customers could have been accessed by hackers after a "significant and sustained cyber attack" on its website, the firm's chief executive has admitted.
Dido Harding could not say whether the information had been encrypted as she apologised to customers who are now at risk of having their credit card and bank details used by the criminals behind the attack.
"I am, in a sense, saying that there is a risk that all of our customers' personal data has been accessed and therefore we are taking that very seriously and looking to make sure that we can help our customers protect themselves if that data has been stolen," she said.
Ms Harding told BBC Radio 4's Today programme that customers would be given free credit monitoring to check if their identity had been cloned and said everyone with a TalkTalk account should assume their information is at risk.
"Yes, I''m sorry but that is exactly why I am on the airwaves this morning saying all of this, why we are giving all of our customers free credit monitoring for the course of the next years so that they can monitor if criminals are using that information to try and impersonate their identity."
Ms Harding defended the firm for not revealing the security breach until Thursday night, despite it taking place on Wednesday morning.
She admitted it does not yet know how many of its four million customers are affected by the third in a spate of cyber attacks affecting them in the last eight months.
In August the company said its mobile sales site was hit by a "sophisticated and co-ordinated cyber attack" in which personal data was breached by criminals.
And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company's computers.
Adrian Culley, a former detective in the Met's cyber crime unit, told BBC Radio 4's Today programme an Islamic hacking group claimed to be behind the attack.
He said: "They are claiming to be from Soviet Russia and be an Islamic cyber jihadi group. They have posted on to Pastebin information that appears to be TalkTalk customer private information."
However there was also speculation that blackmailers could be behind the attack.