The head of TalkTalk said she has received a ransom demand from someone claiming to be responsible for a "significant and sustained cyberattack" on the company's website.
Millions of TalkTalk customers have been warned their personal data such as bank details, credit cards reports and phone numbers may have been breached during the attack.
TalkTalk Chief executive Dido Harding has now claimed the company has been contacted by people who say they are responsible for the attack and demanding payment. Harding told the BBC: "Yes, we have been contacted by – I don't know whether it's an individual or a group purporting to be the hacker.
"I personally received a contact from someone purporting – as I say, I don't know whether they are or are not – to be the hacker, looking for money." A spokesperson added: "We can confirm we were contacted by someone claiming to be responsible and seeking payment."
She previously apologised for the attack, the third the company has suffered in the past year. She said: "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organisations.
"We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around Wednesday's (21 October) attack."
TalkTalk has already advised customers keep an eye on their accounts over the next few months for unusual activity and to contact their bank and Action Fraud as soon as possible if they spot anything.
TalkTalk also said if customers are contacted by anyone asking for their personal data or passwords, such as for your bank account, to "please take all steps to check the true identity of the organisation" and to check your credit report. Harding said there is a risk that all of TalkTalk's customer's personal data has been accessed. "We are taking that very, very seriously," she said.
Detective Superintendent Jayne Snellgrove of the Cyber Crime Unit said: "TalkTalk has done everything right in bringing this matter to our attention as soon as possible. The Met has one of the largest cybercrime and fraud teams in Europe, with up to 500 specialist officers dedicated to tackling this sort of offence.
"Our success relies on businesses being open with us and each other about the threats they encounter. This case is just one example of the new generation of criminality my team is dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency (NCA).
"Operation Falcon sees a more focused and joined-up approach by the MPS, the business industry and other law enforcement agencies to ensure that we quickly identify the issue – in this case alleged data fraud - and immediately set about working to protect the public, designing out the crime and arresting the culprits."