tashka2000 - Fotolia
Short-term loan firm Wonga is calling on current and former customers to be vigilant after the company suffered a serious data breach, which could be one of the UK’s largest to date.
The company says it is still working to establish exactly what data was accessed by cyber intruders, underlining the challenges organisations face in determining the scope of cyber attacks.
Until more details are known, Wonga is contacting all those who may have been affected by the breach, which is about 245,000 people in the UK and 25,000 in Poland, according to the BBC.
Wonga said the data affected may include one or more of the following: name, email address, home address, phone number, the last four digits of customers’ card numbers and/or bank account number and sort code, but it emphasised that customers’ full card details were not at risk.
However, some security experts have warned that even incomplete sets of financial data could put affected customers at risk of financial loss.
The company said it did not believe any account passwords had been compromised, but advised concerned customers to change their account password.
Wonga said all past and present customers should look out for any unusual activity across any bank accounts and online portals and avoid disclosing any personal information over the phone.
Scammers who have access to partial data sets often seek to complete them by calling the people affected and posing as employees of the victim’s bank or service provider.
Independent security consultant Graham Cluley said anyone affected should be wary of unsolicited phone calls and emails that might be from scammers trying to exploit the information.
“Wonga has not yet shared details of how hackers might have accessed such sensitive information, but its website is surely high in the list of likely candidates,” Cluley said in a blog post.
Read more about data breaches
- Security experts say the data breach at travel industry association Abta underlines the fact that no organisation is immune from cyber attack and that data holders and consumers should be more proactive about data protection
- Data breaches are becoming more complex and are affecting every department in an organisation, not just IT, according to the Verizon 2017 Data Breach Digest (DBD).
- More than two million voice recordings and email addresses and password data for more than 800,000 accounts linked to an internet-connected toy have been leaked online.
The company said it would alert financial institutions, but also recommended customers to contact their banks and ask them to look out for any suspicious activity.
Wonga said it took customer data and security matters extremely seriously, but added: “Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated.”
If the personal data breach is confirmed, it will be one of the UK’s biggest to date, far exceeding the TalkTalk breach in 2015, which affected just over 150,000 customers and did not include any financial details.
TalkTalk was subsequently hit with a record £400,000 fine by the Information Commissioner’s Office (ICO) in October 2016.
At the time, information commissione, Elizabeth Denham said the telecoms provider had failed to apply “the most basic cyber security measures”, leaving its database vulnerable to an SQL injection attack after failing to apply a fix for a software bug that had been available for more than three years.
If the personal data breach at Wonga is confirmed, the ICO will investigate and will impose a fine if the company is found not to have taken adequate steps to keep customer data safe.