Wonga, the payday loan firm, has been hit with a data breach which may have had an impact on up to 245,000 customers in the UK. According to the firm, it is âurgently investigating illegal and unauthorised access to the personal data of some of its customersâ.
The firm began getting in touch with borrowers on Saturday, also extending support through a phone line dedicated to the cause. The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.
Prof Alan Woodward, a cybersecurity expert at the University of Surrey, said it was âlooking like one of the biggestâ data breaches in the UK involving financial information. The scope of the information stolen might also include the last four digits of customersâ bank cards, which is used by some banks as part of the login process for online accounts.
The data breach also hit a further 25,000 customers in Poland. The firm released a statement saying:
We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.
According to Wonga, the attackers have not gained access to usersâ loan accounts, but has issued a vigilance warning nonetheless. The lender, which is a provider of short-term loans, said that the breach was brought to their notice last week, thinking at the time that no data was involved. By Friday, however, it became clear that the attacks were more serious, after which it started informing customers on Saturday by email and text. The firmâs website showed no outward signs of a breach, carrying its usual information on how to apply for its loans. The police, the Information Commissionerâs Office (ICO) and the FCA have been alerted.
According to Prof Woodward, the combination of names, addresses, sort codes and last four digits of bank cards was âparticularly worryingâ for customers, adding that other breaches in the UK had not tended to gain access to those financial details.
Just last year, Talk Talk was slapped with a record fine for a data breach, but of the nearly 157,000 customers affected, most did not have their bank account details stolen. A data breach also occurred at Yahoo last year, affecting nearly eight million customers in the UK, but it was focused on email addresses and passwords.
A spokeswoman for the Information Commissionerâs Office said:
All organisations have a responsibility to keep customersâ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.
The data breach comes at a particularly precarious moment for Wonga, having been mired in several scandals and attempting to rebuild its reputation.
Back in 2014, UK financial regulators found that the firm had made loans to customers who could not afford to repay them, and pursued debts with letters from a fake law firm. In 2015, the firm experienced a doubling of losses with tougher regulation in the industry. Its pre-tax losses grew to £80.2 million that year, up from £38.1 million in 2014.
The Tech Portal is published by Blue Box Media Private Limited. Our investors have no influence over our reporting. Read our full Ownership and Funding Disclosure â
