Thousands of Wonga users hit by cyber attack
PAYDAY lender Wonga has warned nearly a quarter of a million customers that they may have been affected by a data breach.
The stolen data includes names, addresses, bank account numbers and sort codes. The lender, which provides short-term loans, said it is investigating “illegal and unauthorised access” to some customers’ personal information in both Britain and Poland.
Around 245,000 customers may have been affected by the cyber attack in the UK, and 25,000 in Poland, a spokesman said. The infor- mation stolen could also include the last four digits of users’ bank cards, which are used by some banks to enable log-ins to online banking.
The firm said it knew something had happened by Tuesday, but it did not become aware of a data breach until Friday and began notifying customers on Saturday through email and text.
Wonga said it believes users’ loan accounts are secure and no action needs to be taken. Customers have been warned to look out for any “unusual activity”, and beware cold calls or emails asking for personal information.
Wonga is the latest in a line of British companies and groups to suffer a major security breach. Tesco Bank, Lloyds, TalkTalk and the NHS have all been hacked.
British customers were also among one billion peo- ple whose personal details and passwords could have been compromised when Yahoo was hacked in 2013, which is believed to be the world’s largest ever cyber at- tack. However, Yahoo users’ bank details were not affected, the firm said last year when it divulged the attack after being handed information by law enforcement agencies in the US.
The Wonga breach is believed to be one of the biggest involving financial information to hit a UK firm.
A spokesman said: “Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland.
“We are working closely with authorities and we are in the process of informing affected customers.” Wonga has set up a help page on its website for customers and has a phone line for further enquiries. It advises customers to change their password and alert their bank.
The police and Information Commissioner’s Office have been informed. A spokesman said: “All organisations have a responsibility to keep customers’ personal information secure.
“Where we find this has not happened, we can investigate and may take enforcement action.”
In 2014, Wonga agreed to pay compensation of more than £2.6 million to 45,000 customers after sending threatening letters from fake law firms.