The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack but the exact figure remains uncertain.
Chief executive Dido Harding said the company had been working through the night to try to contact all customers and apologised to them for the third cyber-attack affecting the firm in the past 12 months.
"I'm very sorry for all the frustration, worry and concern this will inevitably be causing all of our customers. We have been working through the night to make sure that we contact all of our customers and can reassure them about how they can keep their data safe," Harding said.
"Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company's defences be stronger? I'm a customer myself of TalkTalk, I've been a victim of this attack," she said.
More From This Section
Harding also said she received an email demanding a ransom from a group purporting to be behind the cyber-attack.
"It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," she said.
The cyber-attack comes in the backdrop of several high-profile breaches of personal information in the US.
Details of millions of customer were stolen from the infidelity website Ashley Madison in August this year, while Sony Corp. Was also a victim of data breach in November 2014.
Scotland Yard's cybercrime unit is investigating the attack but said no-one had been arrested over Wednesday's attack, however, enquiries were ongoing.
"There have been no arrests and inquiries are ongoing. We are aware of speculation regarding alleged perpetrators. This investigation remains at an early stage. A full assessment of the alleged data theft is ongoing," a Metropolitan Police statement said.
TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers' accounts.