It has been claimed that TalkTalk customers' bank details are already up for sale for £1.62 a time following last month's online hack (file photo)

TalkTalk customers' bank details are already up for sale for £1.62 a time following last month's massive online hack, it has been claimed.

Eastern European criminal gangs are said to be the main buyers of such stolen financial data, which includes the 21,000 customer bank account numbers and sort codes that phone and broadband provider TalkTalk admitted had been hacked in a huge security breach.

Now it has been claimed by one hacker that he could make £150,000 by getting hold of the data and selling it on to many gangs.

According to a Sunday People investigation, organised criminals then use the data to fleece unsuspecting victims.

Tactics include burgling homes after phoning ahead to see if they are empty, sending bogus emails to defraud someone, and threatening to delete data unless paid a cash ransom.

A fraudster calling himself 'Martian' claimed to be selling TalkTalk data on a website called Alpha Bay on the dark web - a hidden, hard-to-reach area of the internet.

In the criminal underworld Alpha Bay is seen as an eBay-style market for luxury items, services and illegal drugs, with some 30,000 goods for sale at any one time to its army of some 100,000 users.

All the items have been bought using stolen bank account and credit card numbers.

The Martian offered to sell TalkTalk data for £1.62 a time and claimed to be able to provide the information in 'bulk'.

He told Simon Wright of the Sunday People: 'This information is coming from the recent attacks.

'I'm not claiming I did the TalkTalk hack or had any part of it. All this customer data is valuable and contains personal bank information. You can do what you wish with. This is the real s***.'

He then sent the bank account details and address of a TalkTalk customer from Middlesbrough to prove he had access to the company's database.

On Friday, TalkTalk confirmed that hackers accessed up to 1.2 million email addresses, names and phone numbers. Thousands of bank account numbers, sort codes and partially obscured credit and debit card details were also stolen.

Eastern European criminal gangs are said to be the main buyers of stolen financial data, which includes the 21,000 customer bank account numbers and sort codes that TalkTalk admitted had been hacked (file photo)

Last night a 20-year-old man in Staffordshire became the third person to be held in connection with the hack, following the arrests of a 15-year-old boy from Northern Ireland and a 16-year-old boy from West London.

And despite assurances from TalkTalk chief executive Dido Harding that no transactions could be easily made with the data, angry customers reported money had been fraudulently taken from their bank accounts.

The Dark Web, which can be accessed using a specially-encrypted browser downloaded in seconds, is used by criminals to anonymously sell weapons, drugs, stolen data and child pornography.

WHAT IS THE ALPHA BAY WEBSITE? Hackers are selling data on Alpha Bay (file photo) Alpha Bay is an eBay-style market for luxury items, services and illegal drugs all bought using stolen bank account and credit card numbers. It is administered in Russia and has a Russian computer server. It even has links to the country's mafia, according to experts, and has so far been difficult for authorities to close down. It has around 100,000 users browsing 30,000 goods for sale at any one time. The website can only be accessed on the Dark Web - which can be reached using a specially-encrypted browser downloaded in seconds. It is used by criminals to anonymously sell weapons, drugs, stolen data and child pornography. Sales are made using a currency known as Bitcoins – an electronic payment which cannot be traced back to sellers or buyers. Advertisement

Sales are made using a currency known as Bitcoins – an electronic payment which cannot be traced back to sellers or buyers.

Last Monday a 15-year-old boy from County Antrim in Northern Ireland was arrested in connection with the alleged data theft. He was bailed until a date in November.

And three days later a 16-year-old boy, from Feltham in west London, was also held on suspicion of computer misuse after a search of his home.

The teenager has been bailed to a date yet to be confirmed.

The investigation is being carried out by the Met's cyber crime unit, the PSNI's cyber crime centre and the National Crime Agency.

The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the last eight months, with incidents in August and February resulting in customers' data being taken.

Last night a security expert suggested the TalkTalk hack was ‘just the tip of the iceberg’ and called for the Government to bring in American-style laws that would force companies to report any suspicions of hacked or compromised data to a regulator.

Andy Norton, from computer security company FireEye, said: ‘Most companies may not even know that they’ve been hacked.

‘We have a joke in the industry that most companies manage cyber-security using “DLPI” – denial, luck, prayer and ignorance. We need better breach notification laws.’

A Metropolitan Police spokesman said: ‘We are aware data stolen from TalkTalk has surfaced on the internet/criminal forums and ... have already taken proactive steps to remove any data identified where possible.’

An NCA spokesman said: ‘The crime threats facilitated by the Dark Web are varied and we use a range of approaches against criminals operating there.’

Meanwhile last night the police and National Crime Agency launched an investigation after the Mail on Sunday discovered:

TalkTalk customer details from last month’s hack are being sold on the so-called Dark Web – the unregulated part of the internet;

Visa debit card details of Halifax account holders can be bought for £10 each;

Mobile phone accounts for Vodafone, O2, EE and TV subscriptions for Sky and BT Sport customers are also for sale. When presented with our findings, Vodafone admitted that more than 1,800 customer records had been compromised, and some had been affected by fraudulent activity;

Passwords and user names for major retailers such as Amazon, Uber, Ticketmaster and Ocado have also been stolen and are being sold in bulk. Sandwich chain Subway last night told its online customers to change their passwords as a result of our findings;

Nectar card and Boots Advantage card loyalty points are being sold, as well as Airmiles.