Payday loan company Wonga has suffered a data breach that’s been labelled “one of the biggest” in UK history.
Hackers are thought to have gained access to some 245,000 UK accounts, as well a further 25,000 in Poland. By comparison, the huge data breach that cost Talk Talk a record £400,000 fine impacted around 157,000 customers.
What makes this breach extra worrying for both Wonga and its customers is the data that hackers may have accessed – including names, addresses, phone numbers, bank account numbers and sort codes. It may also have stretched to the last four digits of account holders’ debit cards – which are often used for online banking logins.
Help page on Wonga website
Wonga kept quiet about the attack when it was first discovered, believing no data to have been accessed. However, around a week later it had realised the severity and began informing customers. A help page was set up on the Wonga website, suggesting customers let their banks know and keep watch for any suspicious activity.
The company advises its customers to beware of scammers or unusual online activity, and to exercise caution if anyone calls and asks for personal information – regardless of where they claim to be calling from. In such instances, users are advised to hang up immediately.
It finishes the help page with a reminder that Wonga takes users’ security “very seriously”, but that attacks are becoming “increasingly sophisticated”. The company then apologises for “the inconvenience and concern this has caused.”
It’s yet to be seen whether Wonga will be charged for the data breach and if so, how much the eventual cost will be. However, it’s anticipated that Talk Talk’s record may not stand for much longer, as it not only affected fewer customers, but also that most of those impacted didn’t have bank details stolen.
A spokesperson from the Information Commissioner’s Office wouldn’t yet be drawn on punitive measures, saying only: “All organisations have a responsibility to keep customers’ personal information secure. Where we find this has not happened, we can investigate and may take enforcement action.”