Three of the UK's largest mobile phone companies took at least five years to inform customers their voicemails had been hacked, the Leveson nquiry has heard.
Vodafone, Orange and T-Mobile established that 156 people on their networks were victims of the practice after News of the World royal editor Clive Goodman was arrested in August 2006.
However fears about prejudicing the police investigation meant that Orange and T-Mobile did not notify those affected until last July - and Vodafone told victims only last month.
By contrast, O2 said it discovered that about 40 of its customers could have had their voicemails illegally intercepted and contacted them five years ago, at the time of the original Scotland Yard inquiry.
The press standards inquiry heard that investigations established there were 40 hacking victims on the Vodafone network, 45 on Orange and 71 on T-Mobile.
Goodman was jailed along with private investigator Glenn Mulcaire in January 2007 after they admitted intercepting voicemail messages left on royal aides' phones.
The mobile networks launched a major review of voicemail security after Goodman's arrest, the Inquiry heard.
Mark Hughes, Vodafone's head of security, said detectives provided his company with two landline numbers belonging to News International which were used for hacking.
The phone company identified 177 different voicemail numbers that had been accessed. By comparing these with police records, they established that 40 people had been victims of hacking.
Explaining why Vodafone did not notify those affected until this year, Mr Hughes said: "We were expressly told at the time of the investigation not to contact our customers as we may prejudice the police investigation."
He added: "With the benefit of hindsight, it would have been much better to have a level of clarity with the police much earlier so that we could tell our customers what the issue was."
James Blendis, vice-president for legal and regulatory affairs for Everything Everywhere, the company formed by the merger of Orange and T-Mobile in 2010, said informing all hacking victims earlier could have alerted journalists carrying out the illegal activity.
He said: "What we need to get to is circumstances where we have clarity where we are not prejudicing the investigation, where we are not, for example, tipping off the hackers themselves.
"Some of the numbers, actually, are the journalists at the News of the World, so it is likely that there was some trial and error of the process.
"I think it is highly likely that if we had simply contacted everyone that we had as a potential victim, we may well have tipped off those people."
The mobile phone companies rejected suggestions that they were too slow in reacting to revelations about weaknesses in the security of their customers' voicemails.
Steven Nott, a delivery driver from Cwmbran, South Wales, told the inquiry in December that he tried to warn his network, Vodafone, and the authorities about phone hacking in 1999.
Adrian Gorham, O2's head of fraud and security, said: "I wasn't aware of the Mr Nott case prior to 2005/06.
"We certainly were not aware of the weakness that was being exploited prior to the investigation (into Goodman and Mulcaire in 2006). That was completely news to us and, I believe, to the industry."
The inquiry heard that 13 members of Vodafone staff have been disciplined or dismissed for disclosing personal customer data since 2009 while 54 O2 employees have been disciplined or sacked over breaches of data security since 2003.
Four people working for Orange or T-Mobile have also been dismissed and prosecuted in the last five years for data offences, but details of disciplinary proceedings were not available, the hearing was told.
Tony Imossi, president of the Association of British Investigators, agreed that the practice of "blagging" private information was widespread among private detectives, adding: "I think it's an ongoing issue."
Referring to the use of phone hacking, he said he was involved in drawing up guidelines on the use of private investigators which said surveillance should be used as a method of last resort.
He told the inquiry: "My understanding of what happened with the mobile telephone interception was that it was being used - obviously illegally - as a norm, as a tool of first resort."
Tony Smith, vice chairman of the World Association of Professional Investigators, said he was surprised to learn phone hacking was so widespread.
"We all knew it was going on. But I was amazed at the extent and the unnecessariness of some of it. It just seemed to be the first point of action for some people," he told the hearing.Suggest a correction