TalkTalk Hack: What You Need to Know If You're a Customer

The Metropolitan Police Cyber Crime Unit has launched a criminal investigation into a "significant and sustained cyber attack," that targeted the British phone and broadband provider TalkTalk, the company has said.

Although it has not been confirmed exactly what data has been breached, or who carried out the attack, the company's Consumer Managing Director Tristia Harrison said that there was a chance that customers' names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, and credit card and bank details had been compromised. The company has four million customers in the U.K.

The company has advised that one of the first things its customers should do as a precaution is to change their bank and other passwords used online, as these may be at risk.

TalkTalk suggests people pay close attention to their TalkTalk and bank accounts for the next few months, and that customers should check their credit report with the three main credit agencies—Callcredit, Experian and Equifax.

People should be wary of phone calls and emails that are requesting bank details, passwords and any other personal information, as the breach means that customers may be more at risk of phishing scams, that are designed to trick people into handing over personal details over the phone or via email, according to the Guardian.

TalkTalk has emphasized that it will never send emails asking customers to provide passwords, and that, "We will only ever ask for two digits from it to protect your security."

Nor will TalkTalk "ask for your bank details to process a refund...call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place [or] send you emails asking you to provide your full password."

This is the third time TalkTalk has been hacked this year. A data breach in February targeted customers after scammers stole account numbers and names, and in August, the company said its mobile sales site had been attacked and personal data had been breached.