British telecom TalkTalk said it has received a ransom demand following a "significant and sustained cyberattack" that put the data of four million customers at risk.
"We were contacted by someone claiming to be responsible, and seeking payment," the company said.
TalkTalk is one of Britain's leading phone providers. It has admitted that its website was hacked earlier this week, and that information including the date of birth, address, credit card and bank details of its four million customers might have been stolen.
Police have launched a criminal investigation, but no arrests have been made. The scale of the breach is still being investigated, police said.
"We take any threat to the security of our customers' data extremely seriously and we are taking all the necessary steps to understand what has happened here," TalkTalk CEO Dido Harding said in a statement.
Related: Security firm says Chinese hackers tried to steal data
TalkTalk said it noticed unusual activity on its website on Wednesday, and took the site offline in an effort to protect data. The company said the initial attack was later found to be a DDOS -- denial of service -- attack.
It admitted not all data were encrypted, but said its systems were "as secure as they could be."
"Unfortunately these criminals are very smart and their attacks are becoming ever more sophisticated," the company said in a statement.
TalkTalk's shares in London were down as much as 10% after the attack came to light Friday morning.