The banking details of over four million consumers may have been stolen following a sustained cyber attack on the Website of mobile operator Talk Talk.
Talk Talk says a criminal investigation has been launched by the Metropolitan Police Cyber Crime Unit following "a significant and sustained" cyberattack on its website on Wednesday 21 October.
The criminals made off with a host of valuable data including names, addresses, date of birth, e-mail accounts, telephone numbers and Talk Talk account information, alongside credit card details and/or bank details.
It appears that Talk Talk IT staff were distracted by a Distributed Denial of Services assault which brought the company's Website crashing down, leaving the criminals free to plunder customer records during the confusion.
Cyber security experts say a Russian Islamist group has claimed responsibility for the attacks, posting data online which appeared to be TalkTalk customers' private information.
In a statement, the Met Police says: "We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing."
The breach is the third major cybersecurity incident to hit the firm in a year, following the theft of thousands of customers details by a third party contractor and the recent attack on Carphone Warehouse in which 480,000 Talk Talk customer records were lifted. Shares in the vendor have slipped by more than seven percent in morning trading following the latest hit on its reputation.
In a message to customers, Tristia Harrison, Talk Talk MD says: "Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent. We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe."
The company says it has been in contact with major banks and alerted them to monitor suspicious activity on customer accounts.
Update The BBC is reporting that Talk Talk has been contacted by the perpetrators of the fraud demanding a ransom in return for the hacked data and a moratorium on future DDoS attacks.