TalkTalk has announced that 156,959 customers had their personal details accessed as a result of the recent attack on its website, of which 15,656 bank account numbers and sort codes were stolen.
In an update, the firm also said the 28,000 credit and debit card numbers that were accessed were obscured, i.e. had part of the number asterixed out, and so are unusable for financial transactions. They were also "orphaned", says TalkTalk, so customers are unable to be verified by the stolen data.
In a statement the firm said: "We can confirm that only 4% of TalkTalk customers have any sensitive personal data at risk." Initially it was feared all 4m customers were at a risk. It also said that they have contacted every customer whose financial deals were accessed, advising them how to keep safe.
Four men of 20 years old and younger have been arrested in association with the attack on the telecoms company website that took place on October 21st. The firm insists only its website, not its core systems were attacked, and that TalkTalk account passwords were not accessed.