tashka2000 - Fotolia

Wonga warns 245,000 UK customers of cyber breach

Loan firm urges customers to be vigilant after data breach that may have exposed personal details, including some financial information

Short-term loan firm Wonga is calling on current and former customers to be vigilant after the company suffered a serious data breach, which could be one of the UK’s largest to date.

The company says it is still working to establish exactly what data was accessed by cyber intruders, underlining the challenges organisations face in determining the scope of cyber attacks.

Until more details are known, Wonga is contacting all those who may have been affected by the breach, which is about 245,000 people in the UK and 25,000 in Poland, according to the BBC.

Wonga said the data affected may include one or more of the following: name, email address, home address, phone number, the last four digits of customers’ card numbers and/or bank account number and sort code, but it emphasised that customers’ full card details were not at risk.

However, some security experts have warned that even incomplete sets of financial data could put affected customers at risk of financial loss.

The company said it did not believe any account passwords had been compromised, but advised concerned customers to change their account password.

Wonga said all past and present customers should look out for any unusual activity across any bank accounts and online portals and avoid disclosing any personal information over the phone.

Scammers who have access to partial data sets often seek to complete them by calling the people affected and posing as employees of the victim’s bank or service provider.

Independent security consultant Graham Cluley said anyone affected should be wary of unsolicited phone calls and emails that might be from scammers trying to exploit the information.

“Wonga has not yet shared details of how hackers might have accessed such sensitive information, but its website is surely high in the list of likely candidates,” Cluley said in a blog post.

Read more about data breaches

The company said it would alert financial institutions, but also recommended customers to contact their banks and ask them to look out for any suspicious activity.

Wonga said it took customer data and security matters extremely seriously, but added: “Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated.”

If the personal data breach is confirmed, it will be one of the UK’s biggest to date, far exceeding the TalkTalk breach in 2015, which affected just over 150,000 customers and did not include any financial details.

TalkTalk was subsequently hit with a record £400,000 fine by the Information Commissioner’s Office (ICO) in October 2016.

At the time, information commissione, Elizabeth Denham said the telecoms provider had failed to apply “the most basic cyber security measures”, leaving its database vulnerable to an SQL injection attack after failing to apply a fix for a software bug that had been available for more than three years.

If the personal data breach at Wonga is confirmed, the ICO will investigate and will impose a fine if the company is found not to have taken adequate steps to keep customer data safe.

Read more on Privacy and data protection

Data Center
Data Management