In this file photo dated Oct. 3, 2014, Dido Harding, Chief Executive of telecommunications company TalkTalk. Phone and Internet service provider Talk Talk said Friday that private data from its 4 million British customers may have been compromised in a "significant and sustained" cyberattack on its website, and Chief Executive Harding said "there is a risk that all of our customers' personal data has been accessed," including credit card and bank details. (Anthony Devlin / FILE PA via AP)

Phone and Internet service provider Talk Talk said Friday that it has received a ransom demand after a "significant and sustained" cyberattack that may have compromised customers' credit card and banking details.

Chief Executive Dido Harding said the company did not know how much data was stolen in the attack on Talk Talk's website, but it was operating on a worst-case scenario in which "all of our customers' personal financial information has been accessed."

She said she had "received a contact from someone purporting ... to be the hacker, looking for money."

Harding said she did not know whether the demand was genuine, or whether information on the company's 4 million customers had been encrypted.

London's Metropolitan Police said its cybercrime unit was investigating "an allegation of data theft from a telecommunications website" reported on Wednesday.

Talk Talk has acknowledged that it realized it was under attack on Wednesday. It has been criticized for not telling customers for more than a day.

It is the third known cyberattack in a year on Talk Talk, which provides mobile phone, broadband Internet and pay television services.

Shares in the company plunged more than 10 percent before recovering to close 4.4 percent lower at 256.8 pence ($3.94) on the London Stock Exchange

© 2015 The Associated Press. All rights reserved.