TalkTalk has received a ransom demand after the British telecoms firm suffered a "significant and sustained cyberattack" on its website, the company said Friday.
Police have launched a criminal investigation into the incident, with the firm confirming the request.
"We were contacted by someone claiming to be responsible and they are seeking payment," a TalkTalk spokesperson told CNBC by phone.
Information including names, addresses, date of birth, phone numbers, email addresses, TalkTalk account information, credit card details and bank details may have been compromised in the breach.
TalkTalk said the attack happened on Wednesday and it was made public Thursday. The U.K. Metropolitan Police's cyber unit is investigating.
"TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations. We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here," Dido Harding, CEO of TalkTalk said in a statement.
"As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday's attack."