The cyberattack on British telecom provider TalkTalk was much smaller than originally feared, the company reported Friday.
Just over 150,000 customers had personal data breached in the hack, with around 15,500 bank account numbers and routing numbers compromised.
The data breach, revealed last month, was originally reported as having the potential to be one of largest in U.K. history, thanks to TalkTalk’s 4 million customers.
Authorities have arrested three teenagers and a 20-year-old man in connection with the hack.
It’s unclear what the goals of the TalkTalk hackers were. The company initially reported that the thieves had demanded a ransom for the stolen customer data. But security firms later reported finding that some pilfered financial data was for sale on the Dark Web.
The company has come under fire for not having adequate security safeguards in place.
Chief Executive Dido Harding told the BBC that “the awful truth is I don’t know” whether all the data was encrypted.
“With the benefit of hindsight, were we doing enough?” Harding said. “Well, you’ve got to say that we weren’t and obviously we will be looking back and reviewing that extremely seriously.”
The company said Friday that it has contacted all affected customers.