More than a quarter of a million payday loan company customers wonga are warned that their personal data may have been stolen during a corporate data breach.
The online lender said it was “urgently investigating illegal and unauthorized access” to the personal data of some of its customers in the UK and Poland. It is understood the breach could affect up to 270,000 current and former customers, including 245,000 in the UK. The company would not reveal where it took place.
The lender, which offers loans at interest rates from 1,286% per annum, became aware of a problem last week but only realized on Friday that the data could be accessed from the outside. He alerted authorities and began contacting borrowers on Saturday to raise awareness of the issue and give details of a dedicated customer service hotline for those affected.
Customers allegedly affected received a message from the payday lender saying, “We believe there may have been illegal and unauthorized access to some of your personal data on your Wonga.com account.”
The message said that Wonga was working to establish all the details, but that the data breached “may include one or more of the following: name, email address, home address, phone number, the last four digits of your card number (but not the full account number) and/or your bank account number and sort code.”
He said the lender believed Wonga’s accounts and passwords had not been compromised, but customers were urged to look for any unusual activity on their accounts. In a statement, the company said: “We are working closely with authorities and are in the process of notifying affected customers. We sincerely apologize for any inconvenience caused.”
The breach will be a blow to Wonga, who has tried in recent years to improve his reputation following a series of controversies. The lender, which has advertised extensively on television and through football sponsorships, has been recognized by the financial regulator as having made loans to customers who could not afford to repay them and to have chased bad debts with letters from a fake law firm. New directors replaced the company’s original foundersa three-month loan launched alongside the short-term personal loan, and marketing changed to appeal to a more affluent audience.
However, it has been hit hard by tougher lending rules introduced when the Financial Conduct Authority (FCA) took over leadership of the sector. The last set of results showed that the business made a pre-tax loss of £80.2m in 2015up from £38.1 million the previous year.
There was no sign of the breach on the lender’s website, which contained its usual information on how to apply for its loans. He alerted the police, the Information Commissioner’s Office (ICO) and the FCA. The ICO regulates the use and protection of corporate personal data by businesses, although financial services companies are not required to notify it of any breaches. A spokesperson for the organization said: “All organizations have a responsibility to protect customers’ personal information. If we find that this has not happened, we can investigate and take enforcement action. »
Wonga is the latest in a long line of companies to discover that the information they hold about their customers has been compromised. In November, Tesco Bank suspended online transactions after £2.5million was stolen from 9,000 customerswhile the mobile phone operator Three said the information of 130,000 users had been compromised when its systems were hacked. A cyberattack on telephone company Talk Talk in 2015 resulted in a £400,000 fine from the ICO after it found that the company “could have been prevented if TalkTalk had taken basic steps to protect information client”.
On Twitter, some of Wonga’s customers were expressing concern about the breach and complaining that they were having trouble accessing Wonga’s website to change their account passwords. One tweeted the @OfficialWonga feed to say, “I received an email saying my details may have been hacked. Please can you tell me if this is real? Waiting for ages.
