TalkTalk has given more details of the cyber-attack on its website, saying nearly 157,000 of its customers' personal details were accessed.
More than 15,600 bank account numbers and sort codes were stolen, the company said.
Customers should continue to protect themselves from scam phone calls and emails, TalkTalk added.
This week police released a 16-year-old boy on bail who was the fourth person arrested in connection with the hack.
Since news of the cyber-attack emerged, TalkTalk shares have lost about a third of their value.
The firm said 4% of TalkTalk customers have sensitive data at risk. It confirmed that scale of the attack was "much more limited than initially suspected".
- 156,959 customers had personal details accessed
- Of those customers, 15,656 bank account numbers and sort codes were stolen
- 28,000 stolen credit and debit card numbers were "obscured" and "cannot be used for financial transactions".
Customers whose financial details were stolen have been contacted, and the firm will contact other affected customers "within the coming days".
The cyber attack on TalkTalk's website happened on 21 October, it added.
Details that TalkTalk previously said had been stolen included names, addresses, dates of birth, telephone numbers and email addresses.
So what can you do to try to protect yourself from danger?
In October, the firm described the attack as "significant and sustained", but that it was too early to say which data had been stolen.
It initially said that all of its customers may have been affected, but then reined in its estimate.