The company Comuto Deutschland made the announcement on Tuesday, only a day after Telekom revealed that a cyber attack had knocked out the internet for almost a million of its customers.
“We regret to inform you that there has been an illegal seizure of archives from the former platforms mitfahrgelegenheit.de and mitfahrzentrale.de,” the statement read.
The attack took place at the end of October on archived data from the two car-sharing platforms which are no longer active, having been replaced by BlaBlaCar in 2015.
Stolen were 638,000 IBAN and bank account numbers, 101,000 email addresses and 15,000 mobile phone numbers, as well as names and addresses of users of the sites.
Users of BlaBlaCar, which is also run by Comuto Deutschland, did not have sensitive details stolen during the hack, the company says, stressing that its data is protected under a different security system.
People who had accounts with the two affected platforms are encouraged to look through their bank statements for the past six weeks in case of unusual payments or deposits.
They can also call the company on 0800-32 32 555 for further advice.
Although Comuto Deutschland do not say where the attack originated from, the news comes on the day Chancellor Angela Merkel warned that Germany would have to learn to live with cyber attacks from Russia.
After almost one million Deutsche Telekom clients were knocked offline from Sunday, Merkel said "such cyber attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them".
"It was quickly clear to us that it was a hacking attack," Arne Schönbohm, the head of the Federal Office for Information Security, told the regional newspaper group Funke about the Telekom attack.
"That is organized crime," he said, adding that the hackers apparently used the so-called Mirai malware to infect routers, preventing them from connecting to the main network.