The fraudsters are believed to have used passwords and usernames bought on the "dark web" to enter the online accounts of 1,827 Vodafone mobile phone users.
The criminals were potentially able to gain the names of customers, their mobile numbers, their bank sort codes and the last four digits of their bank accounts, 'The Sunday Times' said.
More From This Section
The incident took place between midnight last Wednesday and midday last Thursday.
It is being investigated by the National Crime Agency (NCA), Britain's equivalent of the FBI.
Vodafone said in a statement: "The information obtained by the criminals cannot be used directly to access customers' bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts."
The company, which has more than 18 million customers in the UK, said that "a handful" of these customers had already been subject to attempts "to use this data for fraudulent activity".
At least two are understood to have been rung up by conmen posing as Vodafone employees.
The company has also warned those affected to be on the lookout for suspicious emails purportedly from Vodafone and seeking their full bank details.
The scam is known as phishing.
The incident follows last month's cyberattack on TalkTalk, in which up to 1.2 million customers had personal information stolen, including nearly 21,000 people who had bank account numbers and sort codes taken.
Vodafone was not subject to a hacking attack and insists its systems had not been breached.
All affected customers were expected to have been contacted by the company by last night.