TalkTalk has received a ransom demand after the British telecoms firm suffered a "significant and sustained cyberattack" on its website, the company said Friday.
Police have launched a criminal investigation into the incident, with the firm confirming the request.
"We were contacted by someone claiming to be responsible and they are seeking payment," a TalkTalk spokesperson told CNBC by phone.
Information including names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and bank details may have been compromised in the breach.
TalkTalk said the attack happened on Wednesday and it was made public Thursday. The U.K. Metropolitan Police's cyber unit is investigating.
"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here," Dido Harding, CEO of TalkTalk said in a statement.
"As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack."
In a letter to customers, the telecoms group said it had "taken all necessary measures" to make its website secure. It also said it had contacted the major banks which will be monitoring for suspicious activity on its customers' accounts. TalkTalk added that it's looking to organize a year's free credit monitoring for all customers and will be in touch "in due course.
The hack on TalkTalk highlights the persistent threat from cybercriminals looking to steal sensitive personal information. Often, the data stolen will be sold to criminals on the so-called "dark web" or increasingly on easily-accessible websites.
Earlier this year, Carphone Warehouse admitted that the data of 2.4 million customers may have been accessed after it was breached by hackers.
This is not the first time TalkTalk has fallen prey to hackers. Last year, sensitive customer information was stolen by attackers. They then called up TalkTalk customers and tricked them into thinking they were legitimate customer services representatives to steal more information.