TalkTalk is in the process of telling its four million subscribers that it has fallen victim to a “sustained cyberattack” – and it is possible that personal information including bank details have been pilfered.

The UK ISP took down its website yesterday, telling us this was not related to a broadband outage, and the site stayed down today. The biz kept schtum on the reasons why.

Tonight, TalkTalk issued a statement confirming the Met Police Cyber Crime Unit has launched a criminal investigation “following a significant and sustained cyberattack on our website.”

The ISP admitted that “unfortunately” there is a “chance” that some customer data including subscribers' names, home addresses, dates of birth, phone numbers, email addresses, bank account info and credit card numbers have been accessed by hackers.

TalkTalk CEO Dido Harding said the company “constantly updates its systems” to protect against the “rapidly evolving threat of cyber crime.” Her company, the cops, and cyber-crime “specialists” are trying to discover how the hack happened, and the extent of the intrusion.

Harding added: “As a precaution, we are contacting all our customers straight away with information, support ad advice around yesterday’s attack.”

This is not the first security scare to hit TalkTalk this year: in February, it revealed scammers purporting to be from the ISP had convinced customers to part with their bank account details. ®

The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.