SHARE THIS ARTICLE Share Tweet Post Email

Photo: Getty Images, Photo Illustration by Tom Hall/Bloomberg Photo: Getty Images, Photo Illustration by Tom Hall/Bloomberg

TalkTalk Telecom Group Plc said it received a ransom demand after hackers breached the British phone company’s website in an attack that may have compromised customers’ credit-card details.

The carrier was contacted by a person claiming to be responsible and seeking payment, a spokeswoman said, declining to say how much the person asked. Shares of the company fell the most in more than two years in London after it said it was victim to a “significant and sustained” hack, which occurred Wednesday.

Our website was subjected to a significant and sustained #cyberattack. Thereâ€™s more information here https://t.co/yQK3Q73AjW — TalkTalk (@TalkTalkCare) October 22, 2015

Data including names, birth dates, e-mail addresses, phone numbers and bank-account details also may have been compromised, the London-based company said. The Metropolitan Police cybercrime unit said it’s looking into the alleged theft of data, the investigation is at an early stage, and no arrests have been made.

TalkTalk fell 2 percent to 263.1 pence as of 2:05 p.m. in London trading after dropping as much as 11 percent, the biggest intraday decline since May 2013. The company has a market value of 2.51 billion pounds ($3.9 billion). It will take at least several days before TalkTalk knows the full extent of the hack, and the company will contact its 4 million customers regarding the worst case scenario, a spokeswoman said Friday by phone.

Attempts to steal company information are becoming more frequent with the likes of T-Mobile US Inc., Dixons Carphone Plc and Sony Corp. having sustained cyber attacks in the past year. Adultery website AshleyMadison.com was hit in July by hackers who ended up releasing information they said included details on more than 36 million users, including full names, e-mails and banking information.

‘Thriving Marketplace’

“We have seen a thriving marketplace for stolen data,” said Raj Samani, chief technology officer for Europe, the Middle East and Africa at Intel Corp.’s Intel Security unit. “Extending far beyond card details, almost any information you can imagine is being sold online. With system breaches occurring all the time and swathes of sensitive customer details left in the hands of criminals, businesses should be taking steps to further safeguard this information.”

TalkTalk said its website was taken offline to protect data when unusual activity was noted. “We have been working around the clock with the police and cyber security experts to understand what happened, and what data was taken,” the company said. Police said TalkTalk informed them “as soon as possible.”

The U.K.’s Information Commissioner’s Office said it is also investigating and working with the police. It advised consumers to check credit-card statements and credit ratings. “Any sort of attack of this size and scale is concerning,” Christian Cubitt, a spokesman for U.K. Prime Minister David Cameron, told reporters in London.

Sony Hack

Sony on Wednesday agreed to pay as much as $8 million to settle claims from employees over the theft of their personal information in a computer hack linked to last year’s release of the movie “The Interview.” At Dixons Carphone, as many as 2.4 million customers were exposed to hackers in August, while T-Mobile US said this month about 15 million consumers who filled out credit applications with the wireless carrier may have had their personal information stolen by hackers.

TalkTalk, which had sales of 1.8 billion pounds in the year through March 31, provides TV, phone, Internet and mobile services to consumers and businesses in the U.K.

— With assistance by Kristen Schweizer, Amy Thomson, and Thomas Penny