TalkTalk’s chief executive has apologised to customers after a “significant and sustained cyber attack” on its website left millions of people potentially at risk of having had theircredit card and bank details stolen .
Police are investigating the hack amid speculation the attackers could be Islamic terrorists or extortionists.
The company’s chief executive Dido Harding defended the firm for not revealing the security breach until Thursday night, despite it taking place on Wednesday morning.
She admitted it does not yet know how many of its four million customers are affected by the third in a spate of cyber attacks affecting them in the last eight months.
In August the company said its mobile sales site was hit by a “sophisticated and co-ordinated cyber attack” in which personal data was breached by criminals.
And in February TalkTalk customers were warned about scammers who managed to steal thousands of account numbers and names from the company’s computers.
Adrian Culley, a former detective in the Met’s cyber crime unit, told BBC Radio 4’s Today programme an Islamic hacking group claimed to be behind the attack.
He said: “They are claiming to be from Soviet Russia and be an Islamic cyber jihadi group. They have posted on to Pastebin information that appears to be TalkTalk customer private information.”
However there was also speculation that blackmailers could be behind the attack.
A Scotland Yard spokesman said: “The Metropolitan Police Cyber Crime Unit is investigating an allegation of data theft from a telecommunications website. The theft was reported to the Met on Wednesday 21 October.
“There have been no arrests and enquiries are ongoing.
“We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing.
Ms Harding told ITV’s Good Morning Britain the three attacks were “completely unrelated”, adding: “We moved as fast as we possibly can, on Wednesday lunchtime all we knew was that our website was running slowly and that we had the indications of a hacker trying to attack us.
“I can’t even tell you today exactly how many customers have been affected. We have tried to come public as fast as we can once we have got a reasonable idea of what potential data has been lost.
“I really appreciate the frustration and the worry and the concern that this causes customers – I am a customer myself – and I am very sorry for that. We are rushing to try and get that information to our customers as fast as we possibly can.”
She added: “This is a crime, a criminal has attacked TalkTalk systems and we are not the only ones, whether it is the US government, Apple, a whole host of companies. Cyber crime is something we all need to get better at defending ourselves against.”