Although the email went out to all customers TalkTalk has said only a few thousand account numbers were affected. The company currently has about four million customers.
A spokesperson from TalkTalk said "We have now concluded a thorough investigation working with an external security company, and we have become aware that some limited non-sensitive information may have been illegally accessed in violation of our security procedure."
The attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.
"We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly," said a statement from TalkTalk. It would not put an exact figure on the number affected but said it was in the "small thousands".
Security expert Graham Cluley described the breach as "very worrying". He told the BBC "Rumours of a TalkTalk data breach have been bubbling up since December, and the company would have done well to warn its customers of potential risks earlier to ensure that they were on their guard against attacks."
"The fact they waited until yesterday before issuing a warning to their customers doesn't look good," he added.