Image copyright Reuters Image caption TalkTalk has said the scale of the security breach was "much smaller" than originally suspected

A 20-year-old Staffordshire man has become the third person to be arrested over the TalkTalk cyber attack.

Up to 1.2 million email addresses, names and phone numbers along with bank details were accessed by hackers during the security breach last week.

The man was arrested in Staffordshire by the Met Police on suspicion of offences under the Computer Misuse Act.

Police have also arrested and bailed a 16-year-old boy from west London and a 15-year-old boy in Northern Ireland.

Both were arrested on suspicion of Computer Misuse Act offences, with the 16-year-old bailed until an as yet unconfirmed date and the 15-year-old bailed until November.

Police confirmed that officers have also carried out a search at a residential property in Liverpool in connection with the "significant and sustained" attack on its website on 21 October.

What should you do if you think you're at risk?

Report any unusual activity on your accounts to your bank and, if you are in England, Wales or Northern Ireland, to the national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk. If you are in Scotland, call Police Scotland

TalkTalk is advising customers to change their account password as soon as its website is back up and running and any other accounts for which you use the same password

Beware of scams: TalkTalk will not call or email customers asking for bank details or for you to download software to your computer, or send emails asking for you to provide your password

TalkTalk hack: What should I do?

'Smaller than suspected'

TalkTalk's chief executive Dido Harding has said the scale of the attack was "much smaller than we originally suspected" but she said the company still needed to "work hard to earn back your trust".

The phone and broadband provider has said hackers accessed up to 28,000 obscured credit and debit card details, with the middle six digits removed, and 15,000 customer dates of birth.

It said any stolen credit or debit card details were incomplete - and therefore could not be used for financial transactions - but advised customers to remain vigilant against fraud.

The company, which has more than four million UK customers, said it was writing to all affected customers to let them know what information had been accessed.

MPs will launch an inquiry into the attack, with culture minister Ed Vaizey saying the government is not against compulsory encryption for firms holding customer data.

The latest breach is the third in a spate of cyber incidents affecting TalkTalk in the last year.

The investigation into the security breach is being carried out by the Metropolitan Police and the Police Service of Northern Ireland's cyber crime centre and the National Crime Agency.