Last week, news broke that the TalkTalk website had been hit by a cyber attack.
The telecoms company described the attack as "significant and sustained" and admitted it did not know how much of its customer data had been encrypted.
Over the weekend, TalkTalk's chief executive, Dido Harding, said that the attack was "smaller" than originally thought. She explained that any credit card details that were taken would have been partial – not enough to withdraw money "on its own".
TalkTalk said that the card details that were accessed during the cyber attack were incomplete. Many numbers would have appeared as an X and been "not useable" for any financial transactions.
However, the firm also warned that customers' bank account and sort code details may have been accessed.
The telephone and broadband provider said it would contact all of its four million current customers. It also said that an unknown number of previous customers may also be at risk.
While some customers have said that money has gone missing from their bank accounts, TalkTalk said there is currently no evidence that customers' bank accounts have been affected as a result of this attack.
On Monday (October 25th), TalkTalk's shares fell more than 12 per cent. They closed at 226.90, compared to a previous close of 260.60. On Tuesday, shares climbed in early trading, following news that a 15-year-old boy had been arrested in connection with the cyber attack.
Metropolitan Police said a house was searched in County Antrim on Monday afternoon and the boy was arrested on suspicion of Computer Misuse Act offences. He was taken into custody and is being questioned by detectives. Police say that a search of the address is continuing, and inquiries are still being made.
Following the the cyber attack, business leaders called for urgent action to tackle cyber crime.
Culture minister Ed Vaizey called the attack "very serious" and told the House of Commons that the government was not against compulsory encryption for firms holding customer data.