The telecoms company insisted "less than 1.2 million" pieces of information – email addresses, names and phone numbers – were affected that related to potentially hundreds of thousands of customers.
However, the loss of financial details affected only a small fraction of them. TalkTalk maintained the hacking involved "less than 21,000 unique bank account numbers and sort codes" and "less than 28,000 obscured credit and debit card details" with the "middle 6 digits" removed. "Less than 15,000 customer dates of birth" were also hacked.
A TalkTalk spokesman said: "Our brand marketing remains on hold while we focus on supporting and reassuring our customers. That includes our X Factor idents and TV advertising this weekend."
The telecom company is understood to have invested "a not inconsiderable amount" in sending messages of reassurance to customers, particularly via social media channels.
The spokesman added: "We diverted some of our marketing spend to channels where we can keep customers updated and give them advice. Social media advertising has proved quite effective. That includes Facebook because it does offer you very rich targeting and Twitter because we can target people who follow us and are commenting on the issue."
TalkTalk first admitted the cyber-breach on 22 October, a day after it happened, and suspended its X Factor sponsorship last weekend.
The company pays an estimated £10 million a year for the sponsorship at the start and end of each commercial break during the shows.
Dido Harding, the chief executive of TalkTalk, said: "Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still ongoing. On behalf of everyone at TalkTalk, I would like to apologise to all our customers."
Detective Superintendent Jayne Snelgrove, of the Metropolitan Police Cyber Crime Unit, said: "TalkTalk have done everything right in bringing this matter to our attention as soon as possible."