TalkTalk has been hit by a massive cyber attack that could affect as many as four million customers.
The investigation into the hack, in which personal data such as names, dates of birth and credit card numbers may have been stolen, is still ongoing - by the company itself, police and the data regulator. But what can worried customers do while it's still being established who's affected?
Be on the look-out
TalkTalk itself is advising customers to keep an eye on account activity - not just today, but over the next few months. If there's anything suspicious, report it straight to the police's fraud centre.
They have also told customers to be aware of anyone calling up and asking for personal details - passwords, bank account details, any account details or any information at all. If someone calling claims to be from a company and you're unsure if they really are, just call the company directly (never call back on a number given by the suspect person on the phone).
Personal information that may have been stolen, includes:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
Fraudsters also use email and texts, so be similarly wary of any form of communication.
The hackers may also be able to use the information to apply for things like loans and credit cards, so it's worth checking your credit report.
There are companies such as Experian, Call Credit or Equifax, through which this can be done, but TalkTalk has said it will fund a year's free access for customers to do this through Noddle.
What to do right now
Cifas, the UK's fraud prevention service, advises customers to call their bank immediately to let them know personal data may have been compromised and change banking passwords. Banks have also been made aware of the situation by TalkTalk, and they will be monitoring accounts.
It's also best to change the password for any online account, especially if it's the same as the one used for a TalkTalk account.
TalkTalk's website is still down, and password changes on this account can't be made until it is back up and running securely. But when it is up, the account password should be changed too.
Hugo Plowman of law firm Mishcon de Reya has said it is worth checking insurance policies to see if they include cover against identity fraud, "should the worst happen".