TalkTalk has said the total number of customers whose personal details were accessed in the cyber attack last month is 156,959.
The UK operator suffered a “significant and sustained” hack on 21 October and feared all of its four million customers could have been affected.
Last week, it put out a statement confirming that the number of customers affected and the amount of data potentially stolen was “materially lower” than initially feared.
Today (Friday) it confirmed that 15,656 bank account numbers and sort codes were accessed.
Further, 28,000 obscured credit and debit card numbers were accessed, but TalkTalk said they could not be used for financial transactions.
According to the company, the latter were “orphaned”, meaning that customers cannot be identified by the stolen data.
The remainder appears to have had details such as names, addresses, dates of birth, phone numbers and email addresses accessed.
In total, it said four percent of its customers have sensitive personal data at risk.
The company’s “core systems” were not breached in the attack, which focused on the website alone.
Investigations by both TalkTalk and the Metropolitan Police are continuing, meanwhile.
A week after the incident, Vodafone UK revealed nearly 2,000 customers were at risk after a breach of security.
The operator said the incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.