The cyber-attack on TalkTalk could cost it up to £35m in one-off costs, the company has said.
Following the hack, which divulged some users’ financial details, all customers of the telecoms group will be offered a free upgrade.
Chief executive Dido Harding said that despite the hack, TalkTalk was “well positioned to deliver strong and sustainable long-term growth”.
The firm expects full-year results to be in line with market expectations.
TalkTalk shares jumped more than 10% by mid-morning on Thursday, but were still down more than 24% compared with their pre-hack value.
Speaking to the BBC, Ms Harding said: “The estimated one-off costs are between £30m and £35m – that’s covering the response to the incident, the incremental calls into our call centres, obviously the additional IT and technology costs, and then the fact that over the last three weeks until yesterday our online sales sites have been down, so there will be lost revenue as a result.”
Upgrade or leave?
She added that in recognition of the uncertainty that this had caused customers, they would be offered an upgrade.
A spokesperson said the type of upgrade offered would depend on the kind of package customers already had. For example, customers with TV packages might be offered a sports channel that they did not already have.
Customers who were financially affected directly will be free to leave TalkTalk without financial penalty. They would have to be able to show they had lost money as a result of the hack.
Customers who wish to leave for a different reason – for example, if they feel their data is not secure – would still have to pay a contract termination fee.
On 21 October, hackers attacked TalkTalk’s website, stealing confidential customer data.
The firm was initially uncertain as to the extent of the hack, but after an investigation it said last week that 157,000 of its customers’ personal details had been accessed.
More than 15,600 bank account numbers and sort codes were stolen. Four people have been arrested and bailed in connection with the hack.
Ms Harding told the BBC that it was “too early to tell” what the longer-term impact of the breach would be on the business.
“We of course saw an immediate spike in customers cancelling their direct debit, but actually after a few days we saw many of those customers reinstating their direct debits again, so time will tell, but the early signs are that customers think we are doing the right thing,” she told BBC business editor Kamal Ahmed.
Paula Barrett, a partner at law firm Eversheds, said preventing cyber-attacks costs money, but not preventing them costs more.
“Today’s announcement reinforces how significant the cost impact of this sort of event can be. There can be a very long cost tail to these scenarios, which may run for years as new systems and processes have to be adopted and claims handled,” she said.