Harding made another error during a BBC interview in which she said TalkTalk was notifying its customers by email. She was asked how customers would be able to tell if that email indeed came from TalkTalk.
"If you are nervous and suspicious, have a look at the header of the email and you will see the email address that it has come from," Harding said.
The sender address on an email can be easily faked. Such a deception might be obvious to more astute technologists but would likely fool most people.
Cybercriminals are known to use stolen email databases for phishing or other illegal activity, crafting believable messages that can trick people into downloading malware or revealing more personal information.
But it's also possible other scammers who don't have access to the email list could send out random scam emails in hopes some are actually TalkTalk customers.
Sign up for CIO Asia eNewsletters.